ID USN-2467-1 Type ubuntu Reporter Ubuntu Modified 2015-01-13T00:00:00
Description
A null pointer dereference flaw was discovered in the the Linux kernel’s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)
A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)
Miloš Prchlík reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)
A stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)
{"id": "USN-2467-1", "bulletinFamily": "unix", "title": "Linux kernel (Utopic HWE) vulnerabilities", "description": "A null pointer dereference flaw was discovered in the the Linux kernel\u2019s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)", "published": "2015-01-13T00:00:00", "modified": "2015-01-13T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2467-1/", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-7842", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-7843", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-8884", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-7841"], "cvelist": ["CVE-2014-7841", "CVE-2014-7843", "CVE-2014-8884", "CVE-2014-7842"], "type": "ubuntu", "lastseen": "2018-03-29T18:19:38", "history": [], "edition": 1, "hashmap": [{"key": "affectedPackage", "hash": "2e79d14d964d2b5d6aa4362339537c72"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "a4a72afef5ef9256c7bbdf427ba3f4d6"}, {"key": "cvss", "hash": "98b292f143cc7bbefe568a9d94c888c6"}, {"key": "description", "hash": "8f2de39732573264efb6b55874ca259c"}, {"key": "href", "hash": "9b408caca9fb27209cc98b2ecd99b930"}, {"key": "modified", "hash": "81573fced906c6c685b5b8c396d52131"}, {"key": "published", "hash": "81573fced906c6c685b5b8c396d52131"}, {"key": "references", "hash": "45a87397e608488f8cdcb20b159edfec"}, {"key": "reporter", "hash": "3d945423f8e9496c429a5d8c65b4604f"}, {"key": "title", "hash": "c7de3e123e39d34f9bbf088a371f2bd4"}, {"key": "type", "hash": "1d41c853af58d3a7ae54990ce29417d8"}], "hash": "f75a1db62da3ef389a047d01f97f576a4a93f39c05fe9ccc8615386c509cb5a0", "viewCount": 0, "enchantments": {"vulnersScore": 7.2}, "objectVersion": "1.3", "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.16.0-29-lowlatency", "packageVersion": "3.16.0-29.39~14.04.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.16.0-29-generic", "packageVersion": "3.16.0-29.39~14.04.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.16.0-29-generic-lpae", "packageVersion": "3.16.0-29.39~14.04.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.16.0-29-powerpc-e500mc", "packageVersion": "3.16.0-29.39~14.04.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.16.0-29-powerpc-smp", "packageVersion": "3.16.0-29.39~14.04.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.16.0-29-powerpc64-smp", "packageVersion": "3.16.0-29.39~14.04.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.16.0-29-powerpc64-emb", "packageVersion": "3.16.0-29.39~14.04.1"}]}
{"result": {"cve": [{"id": "CVE-2014-7841", "type": "cve", "title": "CVE-2014-7841", "description": "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.", "published": "2014-11-29T20:59:03", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7841", "cvelist": ["CVE-2014-7841"], "lastseen": "2017-04-18T15:55:21"}, {"id": "CVE-2014-7843", "type": "cve", "title": "CVE-2014-7843", "description": "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.", "published": "2014-11-29T20:59:05", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7843", "cvelist": ["CVE-2014-7843"], "lastseen": "2016-09-03T21:23:12"}, {"id": "CVE-2014-8884", "type": "cve", "title": "CVE-2014-8884", "description": "Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.", "published": "2014-11-29T20:59:06", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8884", "cvelist": ["CVE-2014-8884"], "lastseen": "2018-01-05T12:21:53"}, {"id": "CVE-2014-7842", "type": "cve", "title": "CVE-2014-7842", "description": "Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.", "published": "2014-11-29T20:59:04", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7842", "cvelist": ["CVE-2014-7842"], "lastseen": "2017-04-18T15:55:21"}], "f5": [{"id": "F5:K16016", "type": "f5", "title": "Linux kernel SCTP vulnerability CVE-2014-7841", "description": "\nF5 Product Development has assigned ID 493765 (BIG-IP), ID 499497 (Enterprise Manager), and ID 499496 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.1.0 - 11.6.0| 12.0.0 \n11.0.0 \n10.1.0 - 10.2.4| Linux kernel (management interface) \nSelf IPs* \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0| Linux kernel (management interface) \nSelf IPs* \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0| Linux kernel (management interface) \nSelf IPs* \nBIG-IP Analytics| 11.1.0 - 11.6.0| 12.0.0 \n11.0.0| Linux kernel (management interface) \nSelf IPs* \nBIG-IP APM| 11.1.0 - 11.6.0| 12.0.0 \n11.0.0 \n10.1.0 - 10.2.4| Linux kernel (management interface) \nSelf IPs* \nBIG-IP ASM| 11.1.0 - 11.6.0| 12.0.0 \n11.0.0 \n10.1.0 - 10.2.4| Linux kernel (management interface) \nSelf IPs* \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| Linux kernel (management interface) \nSelf IPs* \nBIG-IP GTM| 11.1.0 - 11.6.0| 11.0.0 \n10.1.0 - 10.2.4| Linux kernel (management interface) \nSelf IPs* \nBIG-IP Link Controller| 11.1.0 - 11.6.0| 12.0.0 \n11.0.0 \n10.1.0 - 10.2.4| Linux kernel (management interface) \nSelf IPs* \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0| Linux kernel (management interface) \nSelf IPs* \nBIG-IP PSM| 11.1.0 - 11.4.1| 12.0.0 \n11.0.0 \n10.1.0 - 10.2.4| Linux kernel (management interface) \nSelf IPs* \nBIG-IP WebAccelerator| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| Linux kernel (management interface) \nSelf IPs* \nBIG-IP WOM| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| Linux kernel (management interface) \nSelf IPs* \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 3.1.0 - 3.1.1| 3.0.0 \n2.1.0 - 2.3.0| Linux kernel (management interface) \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Linux kernel (management interface) \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Linux kernel (management interface) \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Linux kernel (management interface) \nBIG-IQ ADC| 4.5.0| None| Linux kernel (management interface) \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| Linux kernel (management interface) \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Linux kernel (management interface) \nF5 iWorkflow| None| 2.0.0| None \nLineRate| None| 2.4.0 - 2.50 \n1.6.0 - 1.6.4| None \n \n* The affected versions ship with vulnerable code (SCTP kernel module) but do not enable the code by default; however, the management interface and/or self-IPs would be affected only if the vulnerable SCTP kernel module is loaded and SCTP traffic is allowed on these objects.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should allow only trusted SCTP traffic to the management interface and/or self IP in a secure network. \n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K7312: Overview of the management port](<https://support.f5.com/csp/article/K7312>)\n * [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>)\n * [K15910: Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687](<https://support.f5.com/csp/article/K15910>)\n", "published": "2015-01-22T03:56:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K16016", "cvelist": ["CVE-2014-3673", "CVE-2014-7841", "CVE-2014-3687"], "lastseen": "2017-06-08T00:16:33"}, {"id": "SOL16016", "type": "f5", "title": "SOL16016 - Linux kernel SCTP vulnerability CVE-2014-7841", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should allow only trusted SCTP traffic to the management interface and/or self IP in a secure network.\u00c2 \n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL7312: Overview of the management port\n * SOL13092: Overview of securing access to the BIG-IP system\n * SOL15910: Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687\n", "published": "2015-01-21T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html", "cvelist": ["CVE-2014-3673", "CVE-2014-7841", "CVE-2014-3687"], "lastseen": "2016-12-03T05:27:38"}, {"id": "SOL16348", "type": "f5", "title": "SOL16348 - tftp-hpa vulnerability CVE-2011-2199", "description": "Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option. ([CVE-2011-2199](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2199>))\n", "published": "2015-04-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16348.html", "cvelist": ["CVE-2014-7841", "CVE-2011-2199"], "lastseen": "2016-11-09T00:09:44"}, {"id": "SOL16558", "type": "f5", "title": "SOL16558 - Linux kernel vulnerability CVE-2014-8884", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2015-05-08T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/500/sol16558.html", "cvelist": ["CVE-2014-8884"], "lastseen": "2016-09-26T17:23:06"}, {"id": "F5:K62700573", "type": "f5", "title": "Linux kernel vulnerabilities CVE-2010-5313 and CVE-2014-7842", "description": "\nF5 Product Development has assigned ID 493756 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.0| None| Medium| vCMP guests \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.0| None| Medium| vCMP guests \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.0| None| Medium| vCMP guests \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP DNS| 12.0.0| None| Medium| vCMP guests \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP GTM| 11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.0| None| Medium| vCMP guests \nBIG-IP PSM| 11.0.0 - 11.4.1| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP WOM| 11.0.0 - 11.3.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you can limit access to the Linux shell to trusted users only.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "published": "2016-01-22T03:51:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K62700573", "cvelist": ["CVE-2010-5313", "CVE-2014-7842"], "lastseen": "2017-11-09T20:46:30"}, {"id": "SOL62700573", "type": "f5", "title": "SOL62700573 - Linux kernel vulnerabilities CVE-2010-5313 and CVE-2014-7842", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you can limit access to the Linux shell to trusted users only.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n", "published": "2016-01-21T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/62/sol62700573.html", "cvelist": ["CVE-2010-5313", "CVE-2014-7842"], "lastseen": "2016-09-26T17:23:27"}], "openvas": [{"id": "OPENVAS:1361412562310123190", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3004", "description": "Oracle Linux Local Security Checks ELSA-2015-3004", "published": "2015-10-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123190", "cvelist": ["CVE-2014-7841"], "lastseen": "2017-07-24T12:53:31"}, {"id": "OPENVAS:1361412562310123191", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3005", "description": "Oracle Linux Local Security Checks ELSA-2015-3005", "published": "2015-10-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123191", "cvelist": ["CVE-2014-7841"], "lastseen": "2017-07-24T12:52:32"}, {"id": "OPENVAS:1361412562310882110", "type": "openvas", "title": "CentOS Update for kernel CESA-2015:0087 centos6 ", "description": "Check the version of kernel", "published": "2015-01-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882110", "cvelist": ["CVE-2014-7841", "CVE-2014-4656"], "lastseen": "2017-07-25T10:53:32"}, {"id": "OPENVAS:1361412562310871306", "type": "openvas", "title": "RedHat Update for kernel RHSA-2015:0087-01", "description": "Check the version of kernel", "published": "2015-01-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871306", "cvelist": ["CVE-2014-7841", "CVE-2014-4656"], "lastseen": "2017-07-27T10:52:43"}, {"id": "OPENVAS:1361412562310123192", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3003", "description": "Oracle Linux Local Security Checks ELSA-2015-3003", "published": "2015-10-06T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123192", "cvelist": ["CVE-2014-7841", "CVE-2014-7145"], "lastseen": "2017-07-24T12:53:33"}, {"id": "OPENVAS:1361412562310123193", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0087", "description": "Oracle Linux Local Security Checks ELSA-2015-0087", "published": "2015-10-06T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123193", "cvelist": ["CVE-2014-7841", "CVE-2014-9322", "CVE-2014-4656"], "lastseen": "2017-07-24T12:53:52"}, {"id": "OPENVAS:703093", "type": "openvas", "title": "Debian Security Advisory DSA 3093-1 (linux - security update)", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation:\n\nCVE-2014-7841\nLiu Wei of Red Hat discovered that a SCTP server doing ASCONF will\npanic on malformed INIT chunks by triggering a NULL pointer\ndereference.\n\nCVE-2014-8369\nA flaw was discovered in the way iommu mapping failures were handled\nin the kvm_iommu_map_pages() function in the Linux kernel. A guest\nOS user could exploit this flaw to cause a denial of service (host\nOS memory corruption) or possibly have other unspecified impact on\nthe host OS.\n\nCVE-2014-8884\nA stack-based buffer overflow flaw was discovered in the\nTechnoTrend/Hauppauge DEC USB driver. A local user with write access\nto the corresponding device could use this flaw to crash the kernel\nor, potentially, elevate their privileges.\n\nCVE-2014-9090\nAndy Lutomirski discovered that the do_double_fault function in\narch/x86/kernel/traps.c in the Linux kernel did not properly handle\nfaults associated with the Stack Segment (SS) segment register,\nwhich allows local users to cause a denial of service (panic).", "published": "2014-12-08T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703093", "cvelist": ["CVE-2014-8369", "CVE-2014-9090", "CVE-2014-7841", "CVE-2014-8884"], "lastseen": "2017-08-04T10:48:58"}, {"id": "OPENVAS:1361412562310842044", "type": "openvas", "title": "Ubuntu Update for linux-lts-utopic USN-2467-1", "description": "Check the version of linux-lts-utopic", "published": "2015-01-23T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842044", "cvelist": ["CVE-2014-7841", "CVE-2014-7843", "CVE-2014-8884", "CVE-2014-7842"], "lastseen": "2017-12-04T11:23:18"}, {"id": "OPENVAS:1361412562310842039", "type": "openvas", "title": "Ubuntu Update for linux USN-2468-1", "description": "Check the version of linux", "published": "2015-01-23T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842039", "cvelist": ["CVE-2014-7841", "CVE-2014-7843", "CVE-2014-8884", "CVE-2014-7842"], "lastseen": "2017-12-04T11:23:40"}, {"id": "OPENVAS:1361412562310703093", "type": "openvas", "title": "Debian Security Advisory DSA 3093-1 (linux - security update)", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation:\n\nCVE-2014-7841\nLiu Wei of Red Hat discovered that a SCTP server doing ASCONF will\npanic on malformed INIT chunks by triggering a NULL pointer\ndereference.\n\nCVE-2014-8369\nA flaw was discovered in the way iommu mapping failures were handled\nin the kvm_iommu_map_pages() function in the Linux kernel. A guest\nOS user could exploit this flaw to cause a denial of service (host\nOS memory corruption) or possibly have other unspecified impact on\nthe host OS.\n\nCVE-2014-8884\nA stack-based buffer overflow flaw was discovered in the\nTechnoTrend/Hauppauge DEC USB driver. A local user with write access\nto the corresponding device could use this flaw to crash the kernel\nor, potentially, elevate their privileges.\n\nCVE-2014-9090\nAndy Lutomirski discovered that the do_double_fault function in\narch/x86/kernel/traps.c in the Linux kernel did not properly handle\nfaults associated with the Stack Segment (SS) segment register,\nwhich allows local users to cause a denial of service (panic).", "published": "2014-12-08T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703093", "cvelist": ["CVE-2014-8369", "CVE-2014-9090", "CVE-2014-7841", "CVE-2014-8884"], "lastseen": "2018-04-06T11:12:02"}], "nessus": [{"id": "F5_BIGIP_SOL16016.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel SCTP vulnerability (K16016)", "description": "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.\n(CVE-2014-7841)", "published": "2015-01-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80891", "cvelist": ["CVE-2014-7841"], "lastseen": "2017-10-29T13:41:31"}, {"id": "REDHAT-RHSA-2015-0285.NASL", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2015:0285)", "description": "Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important)\n\nThis issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes the following bugs :\n\n* Due to several bugs in the network console logging, a race condition between the network console send operation and the driver's IRQ handler could occur, or the network console could access invalid memory content. As a consequence, the respective driver, such as vmxnet3, triggered a BUG_ON() assertion and the system terminated unexpectedly. A patch addressing these bugs has been applied so that driver's IRQs are disabled before processing the send operation and the network console now accesses the RCU-protected (read-copy update) data properly. Systems using the network console logging no longer crashes due to the aforementioned conditions. (BZ#1165983)\n\n* A bug in the vmxnet3 driver allowed potential race conditions to be triggered when the driver was used with the netconsole module. The race conditions allowed the driver's internal New API (NAPI) poll routine to run concurrently with the netpoll controller routine, which resulted in data corruption and a subsequent kernel panic. To fix this problem, the vmxnet3 driver has been modified to call the appropriate interrupt handler to schedule NAPI poll requests properly.\n(BZ#1179594)\n\n* Prior to this update, nfs_mark_return_delegation() was called without any locking, resulting in unsafe dereferencing of delegation->inode. Because the inode is only used to discover the nfs_client, the callers now pass a valid pointer to the nfs_server as a parameter. (BZ#1187637)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2015-03-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81625", "cvelist": ["CVE-2014-7841"], "lastseen": "2017-10-29T13:42:51"}, {"id": "ORACLELINUX_ELSA-2015-3004.NASL", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3004)", "description": "Description of changes:\n\n[2.6.39-400.246.2.el6uek]\n- net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425333] {CVE-2014-7841}\n\n[2.6.39-400.246.1.el6uek]\n- sched: Fix possible divide by zero in avg_atom() calculation (Mateusz Guzik) [Orabug: 20148169]\n- include/linux/math64.h: add div64_ul() (Alex Shi)\n- deadlock when two nodes are converting same lock from PR to EX and idletimeout closes conn (Tariq Saeed) [Orabug: 18639535]\n- bonding: Bond master should reflect slave's features. (Ashish Samant) [Orabug: 20231825]\n- x86, fpu: remove the logic of non-eager fpu mem allocation at the first usage (Annie Li) [Orabug: 20239143]\n- x86, fpu: remove cpu_has_xmm check in the fx_finit() (Suresh Siddha) [Orabug: 20239143]\n- x86, fpu: make eagerfpu= boot param tri-state (Suresh Siddha) [Orabug: 20239143]\n- x86, fpu: enable eagerfpu by default for xsaveopt (Suresh Siddha) [Orabug: 20239143]\n- x86, fpu: decouple non-lazy/eager fpu restore from xsave (Suresh Siddha) [Orabug: 20239143]\n- x86, fpu: use non-lazy fpu restore for processors supporting xsave (Suresh Siddha) [Orabug: 20239143]\n- lguest, x86: handle guest TS bit for lazy/non-lazy fpu host models (Suresh Siddha) [Orabug: 20239143]\n- x86, fpu: always use kernel_fpu_begin/end() for in-kernel FPU usage (Suresh Siddha) [Orabug: 20239143]\n- x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (Suresh Siddha) [Orabug: 20239143]\n- x86, fpu: remove unnecessary user_fpu_end() in save_xstate_sig() (Suresh Siddha) [Orabug: 20239143]\n- raid5: add AVX optimized RAID5 checksumming (Jim Kukunas) [Orabug: 20239143]\n- x86, fpu: drop the fpu state during thread exit (Suresh Siddha) [Orabug: 20239143]\n- x32: Add a thread flag for x32 processes (H. Peter Anvin) [Orabug: 20239143]\n- x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels (Suresh Siddha) [Orabug: 20239143]\n- x86, fpu: Consolidate inline asm routines for saving/restoring fpu state (Suresh Siddha) [Orabug: 20239143]\n- x86, signal: Cleanup ifdefs and is_ia32, is_x32 (Suresh Siddha) [Orabug: 20239143] into exported and internal interfaces (Linus Torvalds) [Orabug: 20239143]\n- i387: Uninline the generic FP helpers that we expose to kernel modules (Linus Torvalds) [Orabug: 20239143]\n- i387: use 'restore_fpu_checking()' directly in task switching code (Linus Torvalds) [Orabug: 20239143]\n- i387: fix up some fpu_counter confusion (Linus Torvalds) [Orabug: 20239143]", "published": "2015-01-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81101", "cvelist": ["CVE-2014-7841"], "lastseen": "2017-10-29T13:40:54"}, {"id": "ORACLELINUX_ELSA-2015-3005.NASL", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3005)", "description": "Description of changes:\n\nkernel-uek [2.6.32-400.36.14.el6uek]\n- net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425334] {CVE-2014-7841}", "published": "2015-01-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81102", "cvelist": ["CVE-2014-7841"], "lastseen": "2017-10-29T13:43:29"}, {"id": "ORACLELINUX_ELSA-2015-3003.NASL", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3003)", "description": "Description of changes:\n\nkernel-uek [3.8.13-55.1.5.el7uek]\n- [CIFS] Possible null ptr deref in SMB2_tcon (Steve French) [Orabug: 20433140] {CVE-2014-7145}\n\n[3.8.13-55.1.4.el7uek]\n- net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425332] {CVE-2014-7841}\n\n[3.8.13-55.1.3.el7uek]\n- ACPI: x2apic entry ignored (Cathy Avery) [Orabug: 19475776] - i40e: relax the firmware API version check (Shannon Nelson) [Orabug: 20216831]\n- x86, fpu: remove the logic of non-eager fpu mem allocation at the first usage (Annie Li) [Orabug: 20232585]\n- iommu/{vt-d,amd}: Remove multifunction assumption around grouping (Alex Williamson) [Orabug: 20192796]", "published": "2015-01-30T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81100", "cvelist": ["CVE-2014-7841", "CVE-2014-7145"], "lastseen": "2017-10-29T13:37:31"}, {"id": "CENTOS_RHSA-2015-0087.NASL", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2015:0087)", "description": "Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important)\n\n* An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4656, Moderate)\n\nThe CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2015-01-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81054", "cvelist": ["CVE-2014-7841", "CVE-2014-4656"], "lastseen": "2017-10-29T13:38:53"}, {"id": "REDHAT-RHSA-2015-0087.NASL", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2015:0087)", "description": "Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important)\n\n* An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4656, Moderate)\n\nThe CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2015-01-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81032", "cvelist": ["CVE-2014-7841", "CVE-2014-4656"], "lastseen": "2017-10-29T13:33:22"}, {"id": "SL_20150127_KERNEL_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/srpm/x86_64", "description": "* A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important)\n\n* An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4656, Moderate)\n\nThe system must be rebooted for this update to take effect.", "published": "2015-01-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81072", "cvelist": ["CVE-2014-7841", "CVE-2014-4656"], "lastseen": "2017-10-29T13:40:11"}, {"id": "ORACLELINUX_ELSA-2015-0087.NASL", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2015-0087)", "description": "From Red Hat Security Advisory 2015:0087 :\n\nUpdated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important)\n\n* An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4656, Moderate)\n\nThe CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2015-01-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81065", "cvelist": ["CVE-2014-7841", "CVE-2014-4656"], "lastseen": "2017-10-29T13:40:10"}, {"id": "UBUNTU_USN-2468-1.NASL", "type": "nessus", "title": "Ubuntu 14.10 : linux vulnerabilities (USN-2468-1)", "description": "A NULL pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-01-14T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80515", "cvelist": ["CVE-2014-7841", "CVE-2014-7843", "CVE-2014-8884", "CVE-2014-7842"], "lastseen": "2017-10-29T13:39:37"}], "oraclelinux": [{"id": "ELSA-2015-3005", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[2.6.32-400.36.14uek]\n- net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425334] {CVE-2014-7841}", "published": "2015-01-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-3005.html", "cvelist": ["CVE-2014-7841"], "lastseen": "2016-09-04T11:16:06"}, {"id": "ELSA-2015-3004", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security and bugfix update", "description": "[2.6.39-400.246.2]\n- net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425333] {CVE-2014-7841}\n[2.6.39-400.246.1]\n- sched: Fix possible divide by zero in avg_atom() calculation (Mateusz Guzik) [Orabug: 20148169] \n- include/linux/math64.h: add div64_ul() (Alex Shi) \n- deadlock when two nodes are converting same lock from PR to EX and idletimeout closes conn (Tariq Saeed) [Orabug: 18639535] \n- bonding: Bond master should reflect slave's features. (Ashish Samant) [Orabug: 20231825] \n- x86, fpu: remove the logic of non-eager fpu mem allocation at the first usage (Annie Li) [Orabug: 20239143] \n- x86, fpu: remove cpu_has_xmm check in the fx_finit() (Suresh Siddha) [Orabug: 20239143] \n- x86, fpu: make eagerfpu= boot param tri-state (Suresh Siddha) [Orabug: 20239143] \n- x86, fpu: enable eagerfpu by default for xsaveopt (Suresh Siddha) [Orabug: 20239143] \n- x86, fpu: decouple non-lazy/eager fpu restore from xsave (Suresh Siddha) [Orabug: 20239143] \n- x86, fpu: use non-lazy fpu restore for processors supporting xsave (Suresh Siddha) [Orabug: 20239143] \n- lguest, x86: handle guest TS bit for lazy/non-lazy fpu host models (Suresh Siddha) [Orabug: 20239143] \n- x86, fpu: always use kernel_fpu_begin/end() for in-kernel FPU usage (Suresh Siddha) [Orabug: 20239143] \n- x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (Suresh Siddha) [Orabug: 20239143] \n- x86, fpu: remove unnecessary user_fpu_end() in save_xstate_sig() (Suresh Siddha) [Orabug: 20239143] \n- raid5: add AVX optimized RAID5 checksumming (Jim Kukunas) [Orabug: 20239143] \n- x86, fpu: drop the fpu state during thread exit (Suresh Siddha) [Orabug: 20239143] \n- x32: Add a thread flag for x32 processes (H. Peter Anvin) [Orabug: 20239143] \n- x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels (Suresh Siddha) [Orabug: 20239143] \n- x86, fpu: Consolidate inline asm routines for saving/restoring fpu state (Suresh Siddha) [Orabug: 20239143] \n- x86, signal: Cleanup ifdefs and is_ia32, is_x32 (Suresh Siddha) [Orabug: 20239143] \ninto exported and internal interfaces (Linus Torvalds) [Orabug: 20239143] \n- i387: Uninline the generic FP helpers that we expose to kernel modules (Linus Torvalds) [Orabug: 20239143] \n- i387: use 'restore_fpu_checking()' directly in task switching code (Linus Torvalds) [Orabug: 20239143] \n- i387: fix up some fpu_counter confusion (Linus Torvalds) [Orabug: 20239143]", "published": "2015-01-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-3004.html", "cvelist": ["CVE-2014-7841"], "lastseen": "2016-09-04T11:17:10"}, {"id": "ELSA-2015-3003", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security and bugfix update", "description": "kernel-uek\n[3.8.13-55.1.5]\n- [CIFS] Possible null ptr deref in SMB2_tcon (Steve French) [Orabug: 20433140] {CVE-2014-7145}\n[3.8.13-55.1.4]\n- net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425332] {CVE-2014-7841}\n[3.8.13-55.1.3]\n- ACPI: x2apic entry ignored (Cathy Avery) [Orabug: 19475776] \n- i40e: relax the firmware API version check (Shannon Nelson) [Orabug: 20216831] \n- x86, fpu: remove the logic of non-eager fpu mem allocation at the first usage (Annie Li) [Orabug: 20232585] \n- iommu/{vt-d,amd}: Remove multifunction assumption around grouping (Alex Williamson) [Orabug: 20192796]", "published": "2015-01-29T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-3003.html", "cvelist": ["CVE-2014-7841", "CVE-2014-7145"], "lastseen": "2016-09-04T11:16:04"}, {"id": "ELSA-2015-0087", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[2.6.32-504.8.1]\n- [crypto] crc32c: Kill pointless CRYPTO_CRC32C_X86_64 option (Jarod Wilson) [1175509 1036212]\n- [crypto] testmgr: add larger crc32c test vector to test FPU path in crc32c_intel (Jarod Wilson) [1175509 1036212]\n- [crypto] tcrypt: Added speed test in tcrypt for crc32c (Jarod Wilson) [1175509 1036212]\n- [crypto] crc32c: Optimize CRC32C calculation with PCLMULQDQ instruction (Jarod Wilson) [1175509 1036212]\n- [crypto] crc32c: Rename crc32c-intel.c to crc32c-intel_glue.c (Jarod Wilson) [1175509 1036212]\n[2.6.32-504.7.1]\n- [kernel] ipc/sem: Fully initialize sem_array before making it visible (Rik van Riel) [1172029 1165277]\n- [kernel] ipc/sem: synchronize semop and semctl with IPC_RMID (Rik van Riel) [1172029 1165277]\n- [kernel] ipc/sem: update sem_otime for all operations (Larry Woodman) [1172025 1168588]\n- [fs] fuse: prevent null nd panic on dentry revalidate (Brian Foster) [1172022 1162782]\n- [net] netfilter: ipset: timeout values corrupted on set resize (Marcelo Leitner) [1172764 1152754]\n- [net] netfilter: fix xt_TCPOPTSTRIP in forwarding path (Marcelo Leitner) [1172027 1135650]\n- [usb] ehci: Fix panic on hotplug race condition (Don Zickus) [1172024 1107010]\n- [usb] usb_wwan: replace release and disconnect with a port_remove hook (Stanislaw Gruszka) [1172030 1148615]\n- [x86] traps: stop using IST for #SS (Petr Matousek) [1172810 1172811] {CVE-2014-9322}\n[2.6.32-504.6.1]\n- [fs] ext4: don't count external journal blocks as overhead (Eric Sandeen) [1168504 1163811]\n- [net] sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [1163090 1153980] {CVE-2014-7841}\n- [netdrv] e100: fix typo in MDI/MDI-X eeprom check in e100_phy_init (John Greene) [1165985 1156417]\n- [powerpc] Add smp_mb()s to arch_spin_unlock_wait() (Gustavo Duarte) [1165986 1136224]\n- [powerpc] Add smp_mb() to arch_spin_is_locked() (Gustavo Duarte) [1165986 1136224]\n- [kernel] cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags (Aaron Tomlin) [1165002 1045310]\n- [documentation] cpuset: Update the cpuset flag file (Aaron Tomlin) [1165002 1045310]\n- [alsa] control: Make sure that id->index does not overflow (Jacob Tanenbaum) [1149140 1117312] {CVE-2014-4656}\n- [alsa] control: Handle numid overflow (Jacob Tanenbaum) [1149140 1117312] {CVE-2014-4656}\n- [s390] mm: fix SIGBUS handling (Hendrik Brueckner) [1169433 1145070]\n- [fs] gfs2: fix bad inode i_goal values during block allocation (Abhijith Das) [1165001 1130684]\n- [md] dm-thin: fix pool_io_hints to avoid looking at max_hw_sectors (Mike Snitzer) [1161420 1161421 1142773 1145230]\n[2.6.32-504.5.1]\n- [fs] nfsd: don't halt scanning the DRC LRU list when there's an RC_INPROG entry (J. Bruce Fields) [1168129 1150675]\n[2.6.32-504.4.1]\n- [fs] nfs: Make sure pre_change_attr is initialized correctly (Scott Mayhew) [1163214 1160042]\n- [usb] ehci: Fix a regression in the ISO scheduler (Gustavo Duarte) [1162072 1145805]", "published": "2015-01-28T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0087.html", "cvelist": ["CVE-2014-7841", "CVE-2014-9322", "CVE-2014-4656"], "lastseen": "2016-09-04T11:16:14"}, {"id": "ELSA-2015-0102", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[3.10.0-123.20.1]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-123.20.1]\n- [fs] seq_file: don't include mm.h in genksyms calculation (Ian Kent) [1184152 1183280]\n[3.10.0-123.19.1]\n- [mm] shmem: fix splicing from a hole while it's punched (Denys Vlasenko) [1118244 1118245] {CVE-2014-4171}\n- [mm] shmem: fix faulting into a hole, not taking i_mutex (Denys Vlasenko) [1118244 1118245] {CVE-2014-4171}\n- [mm] shmem: fix faulting into a hole while it's punched (Denys Vlasenko) [118244 1118245] {CVE-2014-4171}\n- [x86] traps: stop using IST for #SS (Petr Matousek) [1172812 1172813] {CVE-2014-9322}\n- [net] vxlan: fix incorrect initializer in union vxlan_addr (Daniel Borkmann) [1156611 1130643]\n- [net] vxlan: fix crash when interface is created with no group (Daniel Borkmann) [1156611 1130643]\n- [net] vxlan: fix nonfunctional neigh_reduce() (Daniel Borkmann) [1156611 1130643]\n- [net] vxlan: fix potential NULL dereference in arp_reduce() (Daniel Borkmann) [1156611 1130643]\n- [net] vxlan: remove unused port variable in vxlan_udp_encap_recv() (Daniel Borkmann) [1156611 1130643]\n- [net] vxlan: remove extra newline after function definition (Daniel Borkmann) [1156611 1130643]\n- [net] etherdevice: Use ether_addr_copy to copy an Ethernet address (Stefan Assmann) [1156611 1091126]\n- [fs] splice: perform generic write checks (Eric Sandeen) [1163799 1155907] {CVE-2014-7822}\n- [fs] eliminate BUG() call when there's an unexpected lock on file close (Frank Sorenson) [1172266 1148130]\n- [net] sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [1163094 1154002] {CVE-2014-7841}\n- [fs] lockd: Try to reconnect if statd has moved (Benjamin Coddington) [1150889 1120850]\n- [fs] sunrpc: Don't wake tasks during connection abort (Benjamin Coddington) [1150889 1120850]\n- [fs] cifs: NULL pointer dereference in SMB2_tcon (Jacob Tanenbaum) [1147528 1147529] {CVE-2014-7145}\n- [net] ipv6: addrconf: implement address generation modes (Jiri Pirko) [1144876 1107369]\n- [net] gre: add link local route when local addr is any (Jiri Pirko) [1144876 1107369]\n- [net] gre6: don't try to add the same route two times (Jiri Pirko) [1144876 1107369]\n- [fs] isofs: unbound recursion when processing relocated directories (Jacob Tanenbaum) [1142270 1142271] {CVE-2014-5471 CVE-2014-5472}\n- [fs] fs: seq_file: fallback to vmalloc allocation (Ian Kent) [1140302 1095623]\n- [fs] fs: /proc/stat: convert to single_open_size() (Ian Kent) [1140302 1095623]\n- [fs] fs: seq_file: always clear m->count when we free m->buf (Ian Kent) [1140302 1095623]\n[3.10.0-123.18.1]\n- [net] ipv6: fib: fix fib dump restart (Panu Matilainen) [1172795 1163605]\n- [net] ipv6: drop unused fib6_clean_all_ro() function and rt6_proc_arg struct (Panu Matilainen) [1172795 1163605]\n- [net] ipv6: avoid high order memory allocations for /proc/net/ipv6_route (Panu Matilainen) [1172795 1163605]\n- [mm] numa: Remove BUG_ON() in __handle_mm_fault() (Rik van Riel) [1170662 1119439]\n- [fs] aio: fix race between aio event completion and reaping (Jeff Moyer) [1154172 1131312]\n[3.10.0-123.17.1]\n- [ethernet] mlx4: Protect port type setting by mutex (Amir Vadai) [1162733 1095345]\n[3.10.0-123.16.1]\n- [fs] aio: block exit_aio() until all context requests are completed (Jeff Moyer) [1163992 1122092]\n- [fs] aio: add missing smp_rmb() in read_events_ring (Jeff Moyer) [1154172 1131312]\n- [fs] aio: fix reqs_available handling (Jeff Moyer) [1163992 1122092]\n- [fs] aio: report error from io_destroy() when threads race in io_destroy() (Jeff Moyer) [1163992 1122092]\n- [fs] aio: block io_destroy() until all context requests are completed (Jeff Moyer) [1163992 1122092]\n- [fs] aio: v4 ensure access to ctx->ring_pages is correctly serialised for migration (Jeff Moyer) [1163992 1122092]\n- [fs] aio/migratepages: make aio migrate pages sane (Jeff Moyer) [1163992 1122092]\n- [fs] aio: clean up and fix aio_setup_ring page mapping (Jeff Moyer) [1163992 1122092]\n[3.10.0-123.15.1]\n- [scsi] ipr: wait for aborted command responses (Gustavo Duarte) [1162734 1156530]\n- [scsi] reintroduce scsi_driver.init_command (Ewan Milne) [1146983 1105204]\n- [block] implement an unprep function corresponding directly to prep (Ewan Milne) [1146983 1105204]\n- [scsi] Revert: reintroduce scsi_driver.init_command (Ewan Milne) [1146983 1105204]\n[3.10.0-123.14.1]\n- [fs] nfs: Fix another nfs4_sequence corruptor (Steve Dickson) [1162073 1111170]", "published": "2015-01-28T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0102.html", "cvelist": ["CVE-2014-7822", "CVE-2014-7841", "CVE-2014-9322", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-7145", "CVE-2014-5471"], "lastseen": "2016-09-04T11:16:44"}, {"id": "ELSA-2015-0290", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "description": "[3.10.0-229]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-229]\n- [net] rtnetlink: allow to register ops without ops->setup set (Jiri Benc) [1186492]\n[3.10.0-228]\n- [fs] NFSv4.1: Fix an Oops in nfs41_walk_client_list (Steve Dickson) [1185784]\n- [misc] redhat: dont suppress Revert patches from changelog (Jarod Wilson) [1187353]\n- [infiniband] Revert: ipoib: Consolidate rtnl_lock tasks in workqueue (Doug Ledford) [1179740]\n- [infiniband] Revert: ipoib: Make the carrier_on_task race aware (Doug Ledford) [1179740]\n- [infiniband] Revert: ipoib: fix MCAST_FLAG_BUSY usage (Doug Ledford) [1179740]\n- [infiniband] Revert: ipoib: fix mcast_dev_flush/mcast_restart_task race (Doug Ledford) [1179740]\n- [infiniband] Revert: ipoib: change init sequence ordering (Doug Ledford) [1179740]\n- [infiniband] Revert: ipoib: Use dedicated workqueues per interface (Doug Ledford) [1179740]\n- [infiniband] Revert: ipoib: Make ipoib_mcast_stop_thread flush the workqueue (Doug Ledford) [1179740]\n- [infiniband] Revert: ipoib: No longer use flush as a parameter (Doug Ledford) [1179740]\n- [fs] fix deadlock in cifs_ioctl_clone() (Sachin Prabhu) [1183980]\n- [md] dm-cache: fix missing ERR_PTR returns and handling (Mike Snitzer) [1182665]\n- [fs] cifs: fix regression in cifs_create_mf_symlink() (Sachin Prabhu) [1186324]\n- [net] ipv4: try to cache dst_entries which would cause a redirect (Hannes Frederic Sowa) [1181819]\n- [fs] coredump: add new P variable in core_pattern (Jiri Olsa) [1186360]\n- [drm] fix fb-helper vs MST dangling connector ptrs (Rob Clark) [1184968]\n- [net] bridge: Program port vlan filters only if filtering is enabled in bridge (Vlad Yasevich) [1183958]\n- [fs] cifs: Complete oplock break jobs before closing file handle (Sachin Prabhu) [1177215]\n- [fs] LOCKD: Fix a race when initialising nlmsvc_timeout (Benjamin Coddington) [1144982]\n- [scsi] hpsa: add in P840ar controller model name (Joseph Szczypek) [1185467]\n- [scsi] hpsa: add in gen9 controller model names (Joseph Szczypek) [1185467]\n[3.10.0-227]\n- [fs] ext4: fix overwrite race condition (Jacob Tanenbaum) [1152607] {CVE-2014-8086}\n- [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1167116] {CVE-2014-8884}\n- [drm] i915: demote opregion excessive timeout WARN_ONCE to DRM_INFO_ONCE (Rob Clark) [1145627]\n- [md] Revert: raid56: Dont perform reads to support writes until stripe is ready (Jes Sorensen) [1153796]\n- [md] Revert: raid5: avoid livelock caused by non-aligned writes (Jes Sorensen) [1153796]\n- [drm] i915: further quiet i915 (Rob Clark) [1163074]\n- [scsi] megaraid_sas: endianness related bug fixes and code optimization (Tomas Henzl) [1179748]\n- [s390] crypto: kernel oops at insmod of the z90crypt device driver (Hendrik Brueckner) [1172136]\n- [drm] mgag200: Add command line option to specify preferred depth (Dave Airlie) [1044555]\n- [drm] mgag200: Consolidate depth/bpp handling (Dave Airlie) [1044555]\n- [fs] Revert: ext4: revert Disable punch hole on non-extent mapped files (Lukas Czerner) [1176840]\n[3.10.0-226]\n- [md] dm-cache: fix problematic dual use of a single migration count variable (Mike Snitzer) [1182665]\n- [md] dm-cache: share cache-metadata object across inactive and active DM tables (Mike Snitzer) [1182665]\n- [net] tun/macvtap: use consume_skb() instead of kfree_skb() when needed (Jiri Pirko) [1182805]\n- [virt] Revert: hyperv: Add handler for RNDIS_STATUS_NETWORK_CHANGE event (Jason Wang) [1164163]\n- [virt] kvm/vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153329] {CVE-2014-3690}\n- [virt] virtio-scsi: Fix the race condition in virtscsi_handle_event (Fam Zheng) [1152140]\n- [virt] kvm: workaround SuSEs 2.6.16 pvclock vs masterclock issue (Marcelo Tosatti) [1177718]\n- [fs] bdi: avoid oops on device removal (Fam Zheng) [1087179]\n- [mm] backing_dev: fix hung task on sync (Fam Zheng) [1087179]\n- [mm] Revert: vmstat: create separate function to fold per cpu diffs into local counters (Larry Woodman) [1179654]\n- [mm] Revert: vmstat: create fold_diff (Larry Woodman) [1179654]\n- [mm] Revert: vmstat: use this_cpu() to avoid irqon/off sequence in refresh_cpu_vm_stats (Larry Woodman) [1179654]\n- [mm] Revert: vmstat: on-demand vmstat workers V8 (Larry Woodman) [1179654]\n[3.10.0-225]\n- [net] team: avoid possible underflow of count_pending value for notify_peers and mcast_rejoin (Jiri Pirko) [1176697]\n- [fs] seq_file: dont include mm.h in genksyms calculation (Ian Kent) [1183280]\n- [scsi] Avoid crashing if device uses DIX but adapter does not support it (Ewan Milne) [1093012]\n[3.10.0-224]\n- [fs] xfs: catch invalid negative blknos in _xfs_buf_find() (Eric Sandeen) [1164128]\n- [fs] proc: make proc_fd_permission() thread-friendly (Carlos Maiolino) [1171242]\n- [fs] rpc: fix xdr_truncate_encode to handle buffer ending on page boundary ('J. Bruce Fields') [1176641]\n- [fs] nfs: nfs4_fl_prepare_ds, fix bugs when the connect attempt fails (Steve Dickson) [1113248]\n- [fs] gfs2: fix bad inode i_goal values during block allocation (Abhijith Das) [1144209]\n- [fs] nfsd: allow turning off nfsv3 readdir_plus (Steve Dickson) [1178949]\n- [fs] nfsd4: fix xdr4 count of server in fs_location4 (Benjamin Coddington) [1164055]\n- [fs] nfsd4: fix xdr4 inclusion of escaped char (Benjamin Coddington) [1164055]\n- [fs] xfs: replace global xfslogd wq with per-mount wq (Brian Foster) [1155929]\n- [fs] xfs: mark all internal workqueues as freezable (Brian Foster) [1155929]\n- [fs] overlayfs: Add call to mark_tech_preview (BZ 1180613) (David Howells) [1180613]\n- [fs] aio: fix uncorrent dirty pages accouting when truncating AIO ring buffer (Jeff Moyer) [1159346]\n- [infiniband] ocrdma: fix hardcoded max cqe and max send wr (Doug Ledford) [1158148]\n- [crypto] aesni-intel: Add support for 192 & 256 bit keys to AESNI RFC4106 (Jarod Wilson) [1176266]\n- [block] blk-mq: Fix a use-after-free (Fam Zheng) [1152159]\n- [crypto] drbg: panic on continuous self test error (Jarod Wilson) [1179496]\n- [ethernet] mlx4: Cache line CQE/EQE stride fixes (Doug Ledford) [1088499 1173483]\n- [ethernet] mlx4: Add mlx4_en_get_cqe helper (Doug Ledford) [1088499 1173483]\n- [ethernet] mlx4: Cache line EQE size support (Doug Ledford) [1088499 1173483]\n- [infiniband] ocrdma: Fix ocrdma_query_qp() to report q_key value for UD QPs (Doug Ledford) [1167256]\n- [infiniband] ocrdma: Always resolve destination mac from GRH for UD QPs (Doug Ledford) [1167256]\n- [net] gre: fix the inner mac header in nbma tunnel xmit path (Alexander Duyck) [1168608]\n[3.10.0-223]\n- [md] dm-thin: fix crash by initializing thin devices refcount and completion earlier (Mike Snitzer) [1175282]\n- [scsi] storvsc: Fix a bug in storvsc limits (Vitaly Kuznetsov) [1174162]\n- [iser-target] Ignore non TEXT + LOGOUT opcodes for discovery (Andy Grover) [1058736]\n- [iser-target] Add support for ISCSI_OP_TEXT opcode + payload handling (Andy Grover) [1058736]\n- [iser-target] Rename sense_buf_dma/len to pdu_dma/len (Andy Grover) [1058736]\n- [iscsi-target] Add IFC_SENDTARGETS_SINGLE support (Andy Grover) [1058736]\n- [iscsi-target] Move sendtargets parsing into iscsit_process_text_cmd (Andy Grover) [1058736]\n- [iscsi-target] Allow ->MaxXmitDataSegmentLength assignment for iser discovery (Andy Grover) [1058736]\n- [iscsi-target] Refactor ISCSI_OP_TEXT_RSP TX handling (Andy Grover) [1058736]\n- [iscsi-target] Refactor ISCSI_OP_TEXT RX handling (Andy Grover) [1058736]\n- [iscsi] isert-target: Refactor ISCSI_OP_NOOP RX handling (Andy Grover) [1058736]\n- [net] description of dma_cookie cause make xmldocs warning (Jiri Benc) [1173444]\n- [net] tcp: make tcp_cleanup_rbuf private (Jiri Benc) [1173444]\n- [net] net_dma: revert 'copied_early' (Jiri Benc) [1173444]\n- [net] net_dma: mark broken (Jiri Benc) [1173444]\n- [net] unix: allow set_peek_off to fail (Jiri Benc) [1123777]\n- [net] ppp: ppp-ioctl.h: pull in ppp_defs.h (Jiri Benc) [1159802]\n- [net] bridge: Add filtering support for default_pvid (Vlad Yasevich) [1164653]\n- [net] bridge: Simplify pvid checks (Vlad Yasevich) [1164653]\n- [net] bridge: Add a default_pvid sysfs attribute (Vlad Yasevich) [1164653]\n- [net] bridge: Prepare for 802.1ad vlan filtering support (Vlad Yasevich) [1164653]\n- [net] bridge: Fix the way to check if a local fdb entry can be deleted (Vlad Yasevich) [1164653]\n- [net] bridge: Fix the way to insert new local fdb entries in br_fdb_changeaddr (Vlad Yasevich) [1164653]\n- [net] Remove extern from function prototypes (Vlad Yasevich) [1164653]\n- [ethernet] mlx5: Add more supported devices (Amir Vadai) [1169277]\n- [infiniband] mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach (Amir Vadai) [1151331]\n- [ethernet] mlx4: mlx4_en_set_settings() always fails when autoneg is set (Amir Vadai) [1170129]\n[3.10.0-222]\n- [scsi] qla2xxx: Update version number to 8.07.00.08.07.1-k2 (Chad Dupuis) [1085239]\n- [scsi] qla2xxx: Move mailbox failure messages to a default debug level (Chad Dupuis) [1085239]\n- [security] commoncap: dont alloc the credential unless needed in cap_task_prctl (Paul Moore) [1056347]\n- [iommu] vt-d: Fix dmar_domain leak in iommu_attach_device (Myron Stowe) [1109829]\n- [iommu] vt-d: Only remove domain when device is removed (Myron Stowe) [1109829]\n- [base] core: Add BUS_NOTIFY_REMOVED_DEVICE event (Myron Stowe) [1109829]\n- [powerpc] kdump: Ignore failure in enabling big endian exception during crash (Steve Best) [1170362]\n- [infiniband] srpt: convert printks to pr_* functions (Doug Ledford) [1174910]\n- [infiniband] srpt: Handle GID change events (Doug Ledford) [1174910]\n- [input] alps: fix v4 button press recognition (Benjamin Tissoires) [1107819]\n- [input] alps: v7 - document the v7 touchpad packet protocol (Benjamin Tissoires) [1107819]\n- [input] alps: v7 - fix finger counting for > 2 fingers on clickpads (Benjamin Tissoires) [1107819]\n- [input] alps: v7 - sometimes a single touch is reported in mt[1] (Benjamin Tissoires) [1107819]\n- [input] alps: v7 - ignore new packets (Benjamin Tissoires) [1107819]\n- [powerpc] perf/hv-24x7: Use kmem_cache_free() instead of kfree (Gustavo Duarte) [1171795]\n- [powerpc] perf/hv-24x7: Use per-cpu page buffer (Gustavo Duarte) [1171795]\n- [powerpc] perf/hv-24x7: use kmem_cache instead of aligned stack allocations (Gustavo Duarte) [1171795]\n- [powerpc] perf/hv-24x7: Use kmem_cache_free (Gustavo Duarte) [1171795]\n- [powerpc] Fill in si_addr_lsb siginfo field (Gustavo Duarte) [1173267]\n- [powerpc] Add VM_FAULT_HWPOISON handling to powerpc page fault handler (Gustavo Duarte) [1173267]\n- [fs] dlm: fix missing endian conversion of rcom_status flags (Andrew Price) [1175900]\n- [scsi] add Intel Multi-Flex to scsi scan blacklist (Hannes Frederic Sowa) [1175862]\n- [scsi] do not issue SCSI RSOC command to Promise Vtrak E610f (Hannes Frederic Sowa) [1175862]\n- [scsi] scsi_lib: rate-limit the error message from failing commands (Tomas Henzl) [1175785]\n- [scsi] iscsi_ibft: Fix finding Broadcom specific ibft sign (Chris Leech) [1095169]\n[3.10.0-221]\n- [ethernet] enic: fix rx skb checksum (Stefan Assmann) [1154182]\n- [x86] uv: make kdump default action for 'power nmi' (George Beshers) [1175560]\n- [virt] powerpc/kvm: book3s_hv - Fix KSM memory corruption (David Gibson) [1170394]\n- [pci] Revert: Remove from bus_list and release resources in pci_release_dev() (Prarit Bhargava) [1172946]\n- [powercap] rapl: add support for CPU model 0x3f (Rui Wang) [1177579]\n- [kernel] audit: dont attempt to lookup PIDs when changing PID filtering audit rules (Paul Moore) [1172624]\n- [ethernet] ixgbe: avoid possible read_reg panic caused by late method binding (John Greene) [1145772]\n- [ethernet] ixgbe: bump version number (John Greene) [1145772]\n- [ethernet] ixgbe: Add X550 support function pointers (John Greene) [1145772]\n- [ethernet] ixgbe: Add new support for X550 MACs (John Greene) [1145772]\n- [ethernet] ixgbe: Add x550 SW/FW semaphore support (John Greene) [1145772]\n- [ethernet] ixgbe: add methods for combined read and write operations (John Greene) [1145772]\n- [ethernet] ixgbe: cleanup checksum to allow error results (John Greene) [1145772]\n- [ethernet] ixgbe: Add timeout parameter to ixgbe_host_interface_command (John Greene) [1145772]\n- [ethernet] ixgbe: Fix spurious release o f s e m a p h o r e i n E E P R O M a c c e s s ( J o h n G r e e n e ) [ 1 1 4 5 7 7 2 ] b r > - [ d r m ] i 9 1 5 : r e m o v e t h e I R Q s e n a b l e d W A R N f r o m i n t e l _ d i s a b l e _ g t _ p o w e r s a v e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : t a m e t h e c h a t t e r m o u t h ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] t t m : A v o i d m e m o r y a l l o c a t i o n f r o m s h r i n k e r f u n c t i o n s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] t t m : F i x p o s s i b l e s t a c k o v e r f l o w b y r e c u r s i v e s h r i n k e r c a l l s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] t t m : U s e m u t e x _ t r y l o c k ( ) t o a v o i d d e a d l o c k i n s i d e s h r i n k e r f u n c t i o n s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] v i d e o / f b : P r o p a g a t e e r r o r c o d e f r o m f a i l i n g t o u n r e g i s t e r c o n f l i c t i n g f b ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : s a v e / r e s t o r e G M B U S f r e q a c r o s s s u s p e n d / r e s u m e o n g e n 4 ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : r e s u m e M S T a f t e r r e a d i n g b a c k h w s t a t e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] d p - m s t : R e m o v e b r a n c h e s b e f o r e d r o p p i n g t h e r e f e r e n c e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] f b _ h e l p e r : m o v e d e f e r r e d f b c h e c k i n g i n t o r e s t o r e m o d e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] d p : r e t r y A U X t r a n s a c t i o n s 3 2 t i m e s ( v 1 . 1 ) ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : I g n o r e l o n g h p d s o n e D P p o r t s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 / d p : o n l y u s e t r a i n i n g p a t t e r n 3 o n p l a t f o r m s t h a t s u p p o r t i t ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : s y n c a l l B O s i n v o l v e d i n a C S ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : k e r n e l p a n i c i n d r m _ c a l c _ v b l t i m e s t a m p _ f r o m _ s c a n o u t p o s w i t h 3 . 1 8 . 0 - r c 6 ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : U n l o c k p a n e l e v e n w h e n L V D S i s d i s a b l e d ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : M o r e c a u t i o u s w i t h p c h f i f o u n d e r r u n s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : I g n o r e S U R F L I V E a n d f l i p c o u n t e r w h e n t h e G P U g e t s r e s e t ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : K i c k f b d e v b e f o r e v g a c o n ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : H a n d l e f a i l u r e t o k i c k o u t a c o n f l i c t i n g f b d r i v e r ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : d r o p W a S e t u p G t M o d e T d R o w D i s p a t c h : s n b ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : a d d l o c k i n g a r o u n d a t o m b i o s s c r a t c h s p a c e u s a g e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : a d d m i s s i n g c r t c u n l o c k w h e n s e t t i n g u p t h e M C ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : D i s a b l e c a c h e s f o r G l o b a l G T T ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : D o n o t l e a k p a g e s w h e n f r e e i n g u s e r p t r o b j e c t s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] a s t : F i x H W c u r s o r i m a g e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : U s e d r m _ m a l l o c _ a b i n s t e a d o f k m a l l o c _ a r r a y ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n / d p m : d i s a b l e u l v s u p p o r t o n S I ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : D o a d u m m y D P C D r e a d b e f o r e t h e a c t u a l r e a d ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u / b i o s : m e m s e t d c b s t r u c t t o z e r o b e f o r e p a r s i n g ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n v 5 0 / d i s p : f i x d p m s r e g r e s s i o n o n c e r t a i n b o a r d s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u / l t c : f i x c b c i s s u e s o n c e r t a i n b o a r d s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u / l t c : f i x t a g b a s e a d d r e s s g e t t i n g t r u n c a t e d i f a b o v e 4 G i B ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n v c 0 - / f b / r a m : f i x u s e o f n o n - e x i s t a n t r a m i f p a r t i t i o n s a r e n t u n i f o r m ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u / b a r : b e h a v e b e t t e r i f i o r e m a p f a i l e d ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u : m a k e s u r e d i s p l a y h a r d w a r e i s r e i n i t i a l i s e d o n r u n t i m e r e s u m e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u : p u n t f b c o n r e s u m e o u t t o a w o r k q u e u e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u / k m s : r e s t o r e a c c e l e r a t i o n b e f o r e f b _ s e t _ s u s p e n d ( ) r e s u m e s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u / k m s : t a k e m o r e c a r e w h e n p u l l i n g d o w n a c c e l e r a t e d f b c o n ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : F l u s h t h e P T E s a f t e r u p d a t i n g t h e m b e f o r e s u s p e n d ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] r a d e o n / c i k : u s e a s e p a r a t e c o u n t e r f o r C P i n i t t i m e o u t ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n / d p m : f i x r e s u m e o n m u l l i n s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : d o n t r e s e t d m a o n r 6 x x - e v e r g r e e n i n i t ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : d o n t r e s e t s d m a o n C I K i n i t ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : d o n t r e s e t d m a o n N I / S I i n i t ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : a d d c o n n e c t o r q u i r k f o r f u j i t s u b o a r d ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n / d p m : s e t t h e t h e r m a l t y p e p r o p e r l y f o r s p e c i a l c o n f i g s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : f i x s e m a p h o r e v a l u e i n i t ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : h a n d l e b r o k e n d i s a b l e d r b m a s k g r a c e f u l l y ( 6 x x / 7 x x ) ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : f i x a c t i v e _ c u m a s k o n S I a n d C I K a f t e r r e - i n i t ( v 3 ) ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : f i x a c t i v e c u c o u n t f o r S I a n d C I K ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : f i x p m h a n d l i n g i n r a d e o n _ g p u _ r e s e t ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : p r o p e r l y d o c u m e n t r e l o c p r i o r i t y m a s k ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n / d p m : s e l e c t t h e a p p r o p r i a t e v c e p o w e r s t a t e f o r K V / K B / M L ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : A d d m i s s i n g l i n e s t o c i _ s e t _ t h e r m a l _ t e m p e r a t u r e _ r a n g e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : A d d a b i l i t y t o g e t a n d c h a n g e d p m s t a t e w h e n r a d e o n P X c a r d i s t u r n e d o f f ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] v m w g f x : F i x a p o t e n t i a l i n f i n i t e s p i n w a i t i n g f o r f i f o i d l e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] a s t : A S T 2 0 0 0 c a n n o t b e d e t e c t e d c o r r e c t l y ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] a s t : o p e n k e y b e f o r e d e t e c t c h i p s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] i 9 1 5 : D o n t l e a k c o m m a n d p a r s e r t a b l e s o n s u s p e n d / r e s u m e ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 / h d m i : f i x h d m i a u d i o s t a t e r e a d o u t ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : W a i t f o r v b l a n k b e f o r e e n a b l i n g t h e T V e n c o d e r ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : F i x E I O / w e d g e d h a n d l i n g i n g e m f a u l t h a n d l e r ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : F i x l o c k d r o p p i n g i n i n t e l _ t v _ d e t e c t ( ) ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : R e m o v e b o g u s _ _ i n i t a n n o t a t i o n f r o m D M I c a l l b a c k s ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : I g n o r e V B T b a c k l i g h t p r e s e n c e c h e c k o n A c e r C 7 2 0 ( 4 0 0 5 U ) ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : f i x p l a n e / c u r s o r h a n d l i n g w h e n r u n t i m e s u s p e n d e d ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : d o n t t r y t o r e t r a i n a D P l i n k o n a n i n a c t i v e C R T C ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : F i x l o c k i n g f o r i n t e l _ e n a b l e _ p i p e _ a ( ) ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : S k i p l o a d d e t e c t w h e n i n t e l _ c r t c - > n e w _ e n a b l e = = t r u e ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : D i s a b l e R C S f l i p s o n I v y b r i d g e ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : r e a d H E A D r e g i s t e r b a c k i n i n i t _ r i n g _ c o m m o n ( ) t o e n f o r c e o r d e r i n g ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] i 9 1 5 : F i x c r a s h w h e n f a i l i n g t o p a r s e M I P I V B T ( R o b C l a r k ) [ 1 1 5 3 3 0 1 ] b r > - [ d r m ] r a d e o n : t w e a k A C C E L _ W O R K I N G 2 q u e r y f o r h a w a i i ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n / a t o m : a d d n e w v o l t a g e f e t c h f u n c t i o n f o r h a w a i i ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : s e t V M b a s e a d d r u s i n g t h e P F P ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : l o a d t h e l m 6 3 d r i v e r f o r a n l m 6 4 t h e r m a l c h i p ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : r e - e n a b l e d p m b y d e f a u l t o n B T C ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : r e - e n a b l e d p m b y d e f a u l t o n c a y m a n ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n / d p m : h a n d l e v o l t a g e i n f o f e t c h i n g o n h a w a i i ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] t t m : C h o o s e a p o o l t o s h r i n k c o r r e c t l y i n t t m _ d m a _ p o o l _ s h r i n k _ s c a n ( ) ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] t t m : F i x p o s s i b l e d i v i s i o n b y 0 i n t t m _ d m a _ p o o l _ s h r i n k _ s c a n ( ) ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] t t m : f i x h a n d l i n g o f T T M _ P L _ F L A G _ T O P D O W N ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u : B u m p v e r s i o n f r o m 1 . 1 . 1 t o 1 . 1 . 2 ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] n o u v e a u : D i s / E n a b l e v b l a n k i r q s d u r i n g s u s p e n d / r e s u m e ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : a d d a d d i t i o n a l S I p c i i d s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : a d d n e w b o n a i r e p c i i d s ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ d r m ] r a d e o n : a d d n e w K V p c i i d ( R o b C l a r k ) [ 1 1 7 3 3 1 7 ] b r > - [ p o w e r p c ] a d d l i t t l e e n d i a n f l a g t o s y s c a l l _ g e t _ a r c h ( ) ( R i c h a r d G u y B r i g g s ) [ 1 1 6 9 4 6 1 ] b r > - [ p o w e r p c ] s i m p l i f y s y s c a l l _ g e t _ a r c h ( ) ( R i c h a r d G u y B r i g g s ) [ 1 1 6 9 4 6 1 ] b r > b r > [ 3 . 1 0 . 0 - 2 2 0 ] b r > - [ s c s i ] l i b c x g b i : f i x f r e e i n g s k b p r e m a t u r e l y ( S a i V e m u r i ) [ 1 1 7 4 9 8 2 ] b r > - [ s c s i ] c x g b 4 i : u s e s e t _ w r _ t x q ( ) t o s e t t x q u e u e s ( S a i V e m u r i ) [ 1 1 7 4 9 8 2 ] b r > - [ s c s i ] c x g b 4 i : h a n d l e n o n - p d u - a l i g n e d r x d a t a ( S a i V e m u r i ) [ 1 1 7 4 9 8 2 ] b r > - [ s c s i ] c x g b 4 i : a d d i t i o n a l t y p e s o f n e g a t i v e a d v i c e ( S a i V e m u r i ) [ 1 1 7 4 9 8 2 ] b r > - [ s c s i ] c x g b 4 i : s e t t h e m a x . p d u l e n g t h i n f i r m w a r e ( S a i V e m u r i ) [ 1 1 7 4 9 8 2 ] b r > - [ s c s i ] c x g b 4 i : f i x c r e d i t c h e c k f o r t x _ d a t a _ w r ( S a i V e m u r i ) [ 1 1 7 4 9 8 2 ] b r > - [ s c s i ] c x g b 4 i : f i x t x i m m e d i a t e d a t a c r e d i t c h e c k ( S a i V e m u r i ) [ 1 1 7 4 9 8 2 ] b r > - [ n e t ] i p v 6 : u p d a t e D e s t i n a t i o n C a c h e e n t r i e s w h e n g a t e w a y t u r n i n t o h o s t ( J i r i P i r k o ) [ 1 1 1 4 7 8 1 ] b r > - [ n e t ] i p s e c : D o n t u p d a t e t h e p m t u o n I C M P V 6 _ D E S T _ U N R E A C H ( H e r b e r t X u ) [ 1 1 5 8 7 7 1 ] b r > - [ s 3 9 0 ] z f c p : r e m o v e a c c e s s c o n t r o l t a b l e s i n t e r f a c e ( p o r t l e f t o v e r s ) ( H e n d r i k B r u e c k n e r ) [ 1 1 7 3 5 5 3 ] b r > - [ x 8 6 ] p e r f : U s e e x t e n d e d o f f c o r e m a s k o n H a s w e l l ( D o n Z i c k u s ) [ 1 1 7 0 7 9 5 ] b r > - [ f s ] o v l : o v l _ d i r _ f s y n c ( ) c l e a n u p ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v l : p a s s d e n t r y i n t o o v l _ d i r _ r e a d _ m e r g e d ( ) ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v l : u s e l o c k l e s s _ d e r e f e r e n c e ( ) f o r u p p e r d e n t r y ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v l : a l l o w f i l e n a m e s w i t h c o m m a ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v l : f i x r a c e i n p r i v a t e x a t t r c h e c k s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v l : f i x r e m o v e / c o p y - u p r a c e ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v l : r e n a m e f i l e s y s t e m t y p e t o ' o v e r l a y ' ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] D o n t w a r n i f b o t h - > r e n a m e ( ) a n d - > r e n a m e 2 ( ) i o p s a r e d e f i n e d ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : F i x t h e k A B I f o r o v e r l a y f s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : d o n t p o i s o n c u r s o r ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : i n i t i a l i z e - > i s _ c u r s o r ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : f i x l o c k d e p m i s a n n o t a t i o n ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : f i x c h e c k f o r c u r s o r ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : b a r r i e r s f o r o p e n i n g u p p e r - l a y e r d i r e c t o r y ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ k e r n e l ] r c u : P r o v i d e c o u n t e r p a r t t o r c u _ d e r e f e r e n c e ( ) f o r n o n - R C U s i t u a t i o n s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : e m b e d m i d d l e i n t o o v e r l a y _ r e a d d i r _ d a t a ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : e m b e d r o o t i n t o o v e r l a y _ r e a d d i r _ d a t a ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : m a k e o v l _ c a c h e _ e n t r y - > n a m e a n a r r a y i n s t e a d o f p o i n t e r ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : d o n t h o l d - > i _ m u t e x o v e r o p e n i n g t h e r e a l d i r e c t o r y ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : l i m i t f i l e s y s t e m s t a c k i n g d e p t h ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : o v e r l a y f i l e s y s t e m d o c u m e n t a t i o n ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : i m p l e m e n t s h o w _ o p t i o n s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : a d d s t a t f s s u p p o r t ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] o v e r l a y f s : f i l e s y s t e m ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ m m ] s h m e m : s u p p o r t R E N A M E _ W H I T E O U T ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] e x t 4 : s u p p o r t R E N A M E _ W H I T E O U T ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : a d d R E N A M E _ W H I T E O U T ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : a d d w h i t e o u t s u p p o r t ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : e x p o r t c h e c k _ s t i c k y ( ) ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : i n t r o d u c e c l o n e _ p r i v a t e _ m o u n t ( ) ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : e x p o r t _ _ i n o d e _ p e r m i s s i o n ( ) t o m o d u l e s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : e x p o r t d o _ s p l i c e _ d i r e c t ( ) t o m o d u l e s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : a d d i _ o p - > d e n t r y _ o p e n ( ) ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] n a m e i : t r i v i a l f i x t o v f s _ r e n a m e _ d i r c o m m e n t ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] c i f s : s u p p o r t R E N A M E _ N O R E P L A C E ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] h o s t f s : s u p p o r t r e n a m e f l a g s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ m m ] s h m e m : s u p p o r t R E N A M E _ E X C H A N G E ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ m m ] s h m e m : s u p p o r t R E N A M E _ N O R E P L A C E ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] b t r f s : a d d R E N A M E _ N O R E P L A C E ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] b a d _ i n o d e : a d d - > r e n a m e 2 ( ) ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] c a l l r e n a m e 2 i f e x i s t s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] f u s e : r e s t r u c t u r e - > r e n a m e 2 ( ) ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] f u s e : a d d r e n a m e a t 2 s u p p o r t ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] d c a c h e : f i x r a c e s b e t w e e n _ _ d _ i n s t a n t i a t e ( ) a n d c h e c k s o f d e n t r y f l a g s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] e x t 4 : a d d c r o s s r e n a m e s u p p o r t ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : a d d c r o s s - r e n a m e ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : l o c k _ t w o _ n o n d i r e c t o r i e s - a l l o w d i r e c t o r y a r g s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ s e c u r i t y ] a d d f l a g s t o r e n a m e h o o k s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : a d d R E N A M E _ N O R E P L A C E f l a g ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : a d d r e n a m e a t 2 s y s c a l l ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] n a m e i : u s e c o m m o n c o d e f o r d i r a n d n o n - d i r ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] n a m e i : m o v e d _ m o v e ( ) u p ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : a d d d _ i s _ d i r ( ) ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > - [ f s ] v f s : P u t a s m a l l t y p e f i e l d i n t o s t r u c t d e n t r y : : d _ f l a g s ( D a v i d H o w e l l s ) [ 9 8 5 8 7 5 ] b r > b r > [ 3 . 1 0 . 0 - 2 1 9 ] b r > - [ m m ] v m s t a t : o n - d e m a n d v m s t a t w o r k e r s V 8 ( L a r r y W o o d m a n ) [ 1 1 5 7 8 0 2 ] b r > - [ m m ] v m s t a t : u s e t h i s _ c p u ( ) t o a v o i d i r q o n / o f f s e q u e n c e i n r e f r e s h _ c p u _ v m _ s t a t s ( L a r r y W o o d m a n ) [ 1 1 5 7 8 0 2 ] b r > - [ m m ] v m s t a t : c r e a t e f o l d _ d i f f ( L a r r y W o o d m a n ) [ 1 1 5 7 8 0 2 ] b r > - [ m m ] v m s t a t : c r e a t e s e p a r a t e f u n c t i o n t o f o l d p e r c p u d i f f s i n t o l o c a l c o u n t e r s ( L a r r y W o o d m a n ) [ 1 1 5 7 8 0 2 ] b r > - [ b l o c k ] b l k - m q : F i x u n i n i t i a l i z e d k o b j e c t a t C P U h o t p l u g g i n g ( J e f f M o y e r ) [ 1 1 6 9 2 3 2 ] b r > - [ k e r n e l ] a u d i t : A U D I T _ F E A T U R E _ C H A N G E m e s s a g e f o r m a t m i s s i n g d e l i m i t i n g s p a c e ( R i c h a r d G u y B r i g g s ) [ 1 1 6 5 4 6 9 ] b r > - [ f s ] N F S v 4 . 1 : n f s 4 1 _ c l e a r _ d e l e g a t i o n _ s t a t e i d s h o u l d n t t r u s t N F S _ D E L E G A T E D _ S T A T E ( S t e v e D i c k s o n ) [ 1 1 6 6 8 4 5 ] b r > - [ f s ] N F S v 4 : F i x r a c e s b e t w e e n n f s _ r e m o v e _ b a d _ d e l e g a t i o n ( ) a n d d e l e g a t i o n r e t u r n ( S t e v e D i c k s o n ) [ 1 1 6 6 8 4 5 ] b r > - [ f s ] N F S : D o n t t r y t o r e c l a i m d e l e g a t i o n o p e n s t a t e i f r e c o v e r y f a i l e d ( S t e v e D i c k s o n ) [ 1 1 6 6 8 4 5 ] b r > - [ f s ] N F S v 4 : E n s u r e t h a t w e c a l l F R E E _ S T A T E I D w h e n N F S v 4 . x s t a t e i d s a r e r e v o k e d ( S t e v e D i c k s o n ) [ 1 1 6 6 8 4 5 ] b r > - [ f s ] N F S v 4 : E n s u r e t h a t w e r e m o v e N F S v 4 . 0 d e l e g a t i o n s w h e n s t a t e h a s e x p i r e d ( S t e v e D i c k s o n ) [ 1 1 6 6 8 4 5 ] b r > b r > [ 3 . 1 0 . 0 - 2 1 8 ] b r > - [ s c s i ] c x g b 4 i : D o n t b l o c k u n l o a d / c x g b 4 u n l o a d w h e n r e m o t e c l o s e s T C P c o n n e c t i o n ( S a i V e m u r i ) [ 1 1 6 9 9 4 1 ] b r > - [ k e r n e l ] k t h r e a d : p a r t i a l r e v e r t o f 8 1 c 9 8 8 6 9 f a a 5 ( ' k t h r e a d : e n s u r e l o c a l i t y o f t a s k _ s t r u c t a l l o c a t i o n s ' ) ( G u s t a v o D u a r t e ) [ 9 5 3 5 8 3 ] b r > - [ m m ] s l u b : f a l l b a c k t o n o d e _ t o _ m e m _ n o d e ( ) n o d e i f a l l o c a t i n g o n m e m o r y l e s s n o d e ( G u s t a v o D u a r t e ) [ 9 5 3 5 8 3 ] b r > - [ m m ] t o p o l o g y : a d d s u p p o r t f o r n o d e _ t o _ m e m _ n o d e ( ) t o d e t e r m i n e t h e f a l l b a c k n o d e ( G u s t a v o D u a r t e ) [ 9 5 3 5 8 3 ] b r > - [ m m ] s l u b : s e a r c h p a r t i a l l i s t o n n u m a _ m e m _ i d ( ) , i n s t e a d o f n u m a _ n o d e _ i d ( ) ( G u s t a v o D u a r t e ) [ 9 5 3 5 8 3 ] b r > - [ k e r n e l ] k t h r e a d : e n s u r e l o c a l i t y o f t a s k _ s t r u c t a l l o c a t i o n s ( G u s t a v o D u a r t e ) [ 9 5 3 5 8 3 ] b r > - [ m d ] d m - t h i n : f i x m i s s i n g o u t - o f - d a t a - s p a c e t o w r i t e m o d e t r a n s i t i o n i f b l o c k s a r e r e l e a s e d ( M i k e S n i t z e r ) [ 1 1 7 3 1 8 1 ] b r > - [ m d ] d m - t h i n : f i x i n a b i l i t y t o d i s c a r d b l o c k s w h e n i n o u t - o f - d a t a - s p a c e m o d e ( M i k e S n i t z e r ) [ 1 1 7 3 1 8 1 ] b r > - [ w i r e l e s s ] i w l w i f i / m v m : u p d a t e v a l u e s f o r S m a r t F i f o ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i / d v m : f i x f l u s h s u p p o r t f o r o l d f i r m w a r e ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] a t h 5 k : f i x h a r d w a r e q u e u e i n d e x a s s i g n m e n t ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] a t h 9 k : f i x B E / B K q u e u e o r d e r ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] a t h 9 k _ h w : f i x h a r d w a r e q u e u e a l l o c a t i o n ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] a t h 9 k : F i x R T C _ D E R I V E D _ C L K u s a g e ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] r t 2 x 0 0 : d o n o t a l i g n p a y l o a d o n m o d e r n H / W ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] m a c 8 0 2 1 1 : F i x r e g r e s s i o n t h a t t r i g g e r s a k e r n e l B U G w i t h C C M P ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i : f i x R F k i l l w h i l e c a l i b r a t i n g ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] m a c 8 0 2 1 1 : f i x u s e - a f t e r - f r e e i n d e f r a g m e n t a t i o n ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] m a c 8 0 2 1 1 : p r o p e r l y f l u s h d e l a y e d s c a n w o r k o n i n t e r f a c e r e m o v a l ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] m a c 8 0 2 1 1 : s c h e d u l e t h e a c t u a l s w i t c h o f t h e s t a t i o n b e f o r e C S A c o u n t 0 ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] m a c 8 0 2 1 1 : u s e s e c o n d a r y c h a n n e l o f f s e t I E a l s o b e a c o n s d u r i n g C S A ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] r t 2 x 0 0 : a d d n e w r t 2 8 0 0 u s b d e v i c e ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] R e v e r t : i w l w i f i / m v m : t r e a t E A P O L s l i k e m g m t f r a m e s w r t r a t e ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i / d v m : d r o p n o n V O f r a m e s w h e n f l u s h i n g ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i : c o n f i g u r e t h e L T R ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] m a c 8 0 2 1 1 : f i x t y p o i n s t a r t i n g b a s e r a t e f o r r t s _ c t s _ r a t e _ i d x ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] r t 2 x 0 0 : a d d n e w r t 2 8 0 0 u s b d e v i c e s ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] r t 2 x 0 0 : s u p p o r t R a l i n k 5 3 6 2 ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] R e v e r t : a t h 9 k : r e d u c e A N I f i r s t e p r a n g e f o r o l d e r c h i p s ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] r t 2 8 0 0 : c o r r e c t B B P 1 _ T X _ P O W E R _ C T R L m a s k ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i : A d d m i s s i n g P C I I D s f o r t h e 7 2 6 0 s e r i e s ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i / m v m : d i s a b l e B T C o - r u n n i n g b y d e f a u l t ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] n l 8 0 2 1 1 : c l e a r s k b c b b e f o r e p a s s i n g t o n e t l i n k ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] a t h 9 k / h t c : f i x r a n d o m d e c r y p t i o n f a i l u r e ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] b r c m f m a c : h a n d l e I F e v e n t f o r P 2 P _ D E V I C E i n t e r f a c e ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] R e v e r t : m a c 8 0 2 1 1 : d i s a b l e u A P S D i f a l l A C s a r e u n d e r A C M ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] r t l w i f i / r t l 8 1 9 2 c u : A d d n e w I D ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i / m v m : s e t M A C _ F I L T E R _ I N _ B E A C O N c o r r e c t l y f o r S T A / P 2 P c l i e n t ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i / m v m : t r e a t E A P O L s l i k e m g m t f r a m e s w r t r a t e ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i : i n c r e a s e D E F A U L T _ M A X _ T X _ P O W E R ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] i w l w i f i / m v m : f i x e n d i a n i t y i s s u e s w i t h S m a r t F i f o c o m m a n d s ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] R e v e r t : i w l w i f i / d v m : d o n t e n a b l e C T S t o s e l f ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > - [ w i r e l e s s ] c a r l 9 1 7 0 : f i x s e n d i n g U R B s w i t h w r o n g t y p e w h e n u s i n g f u l l - s p e e d ( S t a n i s l a w G r u s z k a ) [ 1 1 5 5 5 3 8 ] b r > b r > [ 3 . 1 0 . 0 - 2 1 7 ] b r > - [ n e t ] i p v 6 : y e t a n o t h e r n e w I P V 6 _ M T U _ D I S C O V E R o p t i o n I P V 6 _ P M T U D I S C _ O M I T ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] i p v 4 : y e t a n o t h e r n e w I P _ M T U _ D I S C O V E R o p t i o n I P _ P M T U D I S C _ O M I T ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] i p v 4 : u s e i p _ s k b _ d s t _ m t u t o d e t e r m i n e m t u i n i p _ f r a g m e n t ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] i p v 4 : i n t r o d u c e i p _ d s t _ m t u _ m a y b e _ f o r w a r d a n d p r o t e c t f o r w a r d i n g p a t h a g a i n s t p m t u s p o o f i n g ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] i p v 6 : m o v e i p 6 _ s k _ a c c e p t _ p m t u f r o m g e n e r i c p m t u u p d a t e p a t h t o i p v 6 o n e ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] i p v 6 : s u p p o r t I P V 6 _ P M T U _ I N T E R F A C E o n s o c k e t s ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] u d p : d o n o t r e p o r t I C M P r e d i r e c t s t o u s e r s p a c e ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] i p v 4 : n e w i p _ n o _ p m t u _ d i s c m o d e t o a l w a y s d i s c a r d i n c o m i n g f r a g n e e d e d m s g s ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] i n e t : m a k e n o _ p m t u _ d i s c p e r n a m e s p a c e a n d k i l l i p v 4 _ c o n f i g ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] i p v 4 : i m p r o v e d o c u m e n t a t i o n o f i p _ n o _ p m t u _ d i s c ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] i p v 4 : i n t r o d u c e n e w I P _ M T U _ D I S C O V E R m o d e I P _ P M T U D I S C _ I N T E R F A C E ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] x f r m : r e v e r t i p v 4 m t u d e t e r m i n a t i o n t o d s t _ m t u ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] x f r m : i n t r o d u c e h e l p e r f o r s a f e d e t e r m i n a t i o n o f m t u ( H a n n e s F r e d e r i c S o w a ) [ 1 1 7 0 1 1 6 ] b r > - [ n e t ] n e t f i l t e r : c o n n t r a c k : d i s a b l e g e n e r i c t r a c k i n g f o r k n o w n p r o t o c o l s ( D a n i e l B o r k m a n n ) [ 1 1 7 0 5 2 0 ] b r > - [ n e t ] g r e : F i x u s e - a f t e r - f r e e p a n i c i n i p g r e _ r c v ( ) ( P a n u M a t i l a i n e n ) [ 1 1 1 7 5 4 3 ] b r > - [ n e t ] n e t f i l t e r : n f _ c o n n t r a c k _ h 3 2 3 : l o o k u p r o u t e f r o m p r o p e r n e t n a m e s p a c e ( F l o r i a n W e s t p h a l ) [ 1 1 6 3 8 4 7 ] b r > - [ n e t ] n e t f i l t e r : x t _ t c p m s s : l o o k u p r o u t e f r o m p r o p e r n e t n a m e s p a c e ( F l o r i a n W e s t p h a l ) [ 1 1 6 3 8 4 7 ] b r > - [ n e t ] n e t f i l t e r : x t _ t c p m s s : G e t m t u o n l y i f c l a m p - m s s - t o - p m t u i s s p e c i f i e d ( F l o r i a n W e s t p h a l ) [ 1 1 6 3 8 4 7 ] b r > - [ w i r e l e s s ] c f g 8 0 2 1 1 : d o n t W A R N a b o u t t w o c o n s e c u t i v e C o u n t r y I E h i n t ( S t a n i s l a w G r u s z k a ) [ 1 1 6 4 2 8 2 ] b r > - [ f s ] a i o : f i x r a c e b e t w e e n a i o e v e n t c o m p l e t i o n a n d r e a p i n g ( J e f f M o y e r ) [ 1 1 3 1 3 1 2 ] b r > - [ f s ] p r o c / t a s k _ m m u : f i x m i s s i n g c h e c k d u r i n g h u g e p a g e m i g r a t i o n ( J a c o b T a n e n b a u m ) [ 1 1 0 5 0 4 0 ] { C V E - 2 0 1 4 - 3 9 4 0 } b r > - [ k e r n e l ] t r a c e : i n s u f f i c i e n t s y s c a l l n u m b e r v a l i d a t i o n i n p e r f a n d f t r a c e s u b s y s t e m s ( J a c o b T a n e n b a u m ) [ 1 1 6 1 5 7 0 ] { C V E - 2 0 1 4 - 7 8 2 5 C V E - 2 0 1 4 - 7 8 2 6 } b r > - [ e t h e r n e t ] i 4 0 e : g e t p f _ i d f r o m H W r a t h e r t h a n P C I f u n c t i o n ( S t e f a n A s s m a n n ) [ 1 0 7 8 7 4 0 ] b r > - [ e t h e r n e t ] i 4 0 e : i n c r e a s e A R Q s i z e ( S t e f a n A s s m a n n ) [ 1 0 7 8 7 4 0 ] b r > - [ x 8 6 ] u v : U p d a t e t h e U V 3 T L B s h o o t d o w n l o g i c ( F r a n k R a m s a y ) [ 1 1 7 0 2 5 3 ] b r > - [ t o o l s ] p e e k s i g i n f o : a d d P A G E _ S I Z E d e f i n i t i o n ( S t e v e B e s t ) [ 1 1 7 2 2 5 0 ] b r > - [ b a s e ] b u s : F i x u n b a l a n c e d d e v i c e r e f e r e n c e i n d r i v e r s _ p r o b e ( A l e x W i l l i a m s o n ) [ 1 1 5 8 8 6 2 ] b r > - [ c h a r ] t p m : F i x N U L L r e t u r n i n t p m _ i b m v t p m _ g e t _ d e s i r e d _ d m a ( G u s t a v o D u a r t e ) [ 1 1 5 4 8 1 8 ] b r > - [ p o w e r p c ] k v m : b o o k 3 s _ h v - R e s e r v e c m a r e g i o n o n l y i n h y p e r v i s o r m o d e ( G u s t a v o D u a r t e ) [ 1 1 4 7 7 4 0 ] b r > - [ x 8 6 ] t r a p s : s t o p u s i n g I S T f o r # S S ( P e t r M a t o u s e k ) [ 1 1 7 2 8 1 3 ] { C V E - 2 0 1 4 - 9 3 2 2 } b r > b r > [ 3 . 1 0 . 0 - 2 1 6 ] b r > - [ a c p i ] R e v e r t : h o t p l u g / p c i : S i m p l i f y d i s a b l e _ s l o t ( ) ( P r a r i t B h a r g a v a ) [ 1 1 5 8 7 2 0 ] b r > - [ i n f i n i b a n d ] i s e r : A d j u s t d a t a _ l e n g t h t o i n c l u d e p r o t e c t i o n i n f o r m a t i o n ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : B u m p v e r s i o n t o 1 . 4 . 1 ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : A l l o w b i n d o n l y w h e n c o n n e c t i o n s t a t e i s U P ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : F i x R X / T X C Q r e s o u r c e l e a k o n e r r o r f l o w ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : C l a r i f y a d u p l i c a t e c o u n t e r s c h e c k ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : R e p l a c e c o n n e c t i o n w a i t q u e u e w i t h c o m p l e t i o n o b j e c t ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : P r o t e c t i s e r s t a t e m a c h i n e w i t h a m u t e x ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : R e m o v e r e d u n d a n t r e t u r n c o d e i n i s e r _ f r e e _ i b _ c o n n _ r e s ( ) ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : S e p e r a t e i s e r _ c o n n a n d i s c s i _ e n d p o i n t s t o r a g e s p a c e ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : F i x r e s p o n d e r r e s o u r c e s a d v e r t i s e m e n t ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : A d d T I M E W A I T _ E X I T e v e n t h a n d l i n g ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : S u p p o r t I P v 6 a d d r e s s f a m i l y ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : B u m p v e r s i o n t o 1 . 4 ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : A d d m i s s i n g n e w l i n e s t o l o g g i n g m e s s a g e s ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : F i x a p o s s i b l e r a c e i n i s e r c o n n e c t i o n s t a t e s t r a n s i t i o n ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : S i m p l i f y c o n n e c t i o n m a n a g e m e n t ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : B u m p d r i v e r v e r s i o n t o 1 . 3 ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : U p d a t e M e l l a n o x c o p y r i g h t n o t e ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : P r i n t Q P i n f o r m a t i o n o n c e c o n n e c t i o n i s e s t a b l i s h e d ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : R e m o v e s t r u c t i s c s i _ i s e r _ c o n n ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : D r a i n t h e t x c q o n c e b e f o r e l o o p i n g o n t h e r x c q ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : F i x s e c t o r _ t f o r m a t w a r n i n g ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : P u b l i s h T 1 0 - P I s u p p o r t t o S C S I m i d l a y e r ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : I m p l e m e n t c h e c k _ p r o t e c t i o n ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : S u p p o r t T 1 0 - P I o p e r a t i o n s ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : I n i t i a l i z e T 1 0 - P I r e s o u r c e s ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : I n t r o d u c e p i _ e n a b l e , p i _ g u a r d m o d u l e p a r a m e t e r s ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : G e n e r a l i z e f a l l _ t o _ b o u n c e _ b u f r o u t i n e ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : G e n e r a l i z e i s e r _ u n m a p _ t a s k _ d a t a a n d f i n a l i z e _ r d m a _ u n a l i g n e d _ s g ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : R e p l a c e f a s t r e g d e s c r i p t o r v a l i d b o o l w i t h i n d i c a t o r s c o n t a i n e r ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : K e e p I B d e v i c e a t t r i b u t e s u n d e r i s e r _ d e v i c e ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : M o v e f a s t _ r e g _ d e s c r i p t o r i n i t i a l i z a t i o n t o a f u n c t i o n ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : P u s h t h e d e c i s i o n w h a t m e m o r y k e y t o u s e i n t o f a s t _ r e g _ m r r o u t i n e ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : A v o i d F R W R n o t a t i o n , u s e f a s t r e g i n s t e a d ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : S u p p r e s s c o m p l e t i o n s f o r f a s t r e g i s t r a t i o n w o r k r e q u e s t s ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ i n f i n i b a n d ] i s e r : F i x u s e a f t e r f r e e i n i s e r _ s n d _ c o m p l e t i o n ( ) ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ s c s i ] l i b i s c s i : A d d c h e c k _ p r o t e c t i o n c a l l b a c k f o r t r a n s p o r t s ( A m i r V a d a i ) [ 1 1 0 7 6 2 2 ] b r > - [ m m ] m e m - h o t p l u g : r e s e t n o d e p r e s e n t p a g e s w h e n h o t - a d d i n g a n e w p g d a t ( M o t o h i r o K o s a k i ) [ 1 1 5 6 3 9 6 ] b r > - [ m m ] m e m - h o t p l u g : r e s e t n o d e m a n a g e d p a g e s w h e n h o t - a d d i n g a n e w p g d a t ( M o t o h i r o K o s a k i ) [ 1 1 5 6 3 9 6 ] b r > - [ m m ] m a k e _ _ f r e e _ p a g e s _ b o o t m e m ( ) o n l y a v a i l a b l e a t b o o t t i m e ( M o t o h i r o K o s a k i ) [ 1 1 5 6 3 9 6 ] b r > - [ m m ] u s e a d e d i c a t e d l o c k t o p r o t e c t t o t a l r a m _ p a g e s a n d z o n e - > m a n a g e d _ p a g e s ( M o t o h i r o K o s a k i ) [ 1 1 5 6 3 9 6 ] b r > - [ m m ] a c c u r a t e l y c a l c u l a t e z o n e - > m a n a g e d _ p a g e s f o r h i g h m e m z o n e s ( M o t o h i r o K o s a k i ) [ 1 1 5 6 3 9 6 ] b r > - [ m d ] d m - c a c h e : f i x s p u r i o u s c e l l _ d e f e r w h e n d e a l i n g w i t h p a r t i a l b l o c k a t e n d o f d e v i c e ( M i k e S n i t z e r ) [ 1 1 6 5 0 5 0 ] b r > - [ m d ] d m - c a c h e : d i r t y f l a g w a s m i s t a k e n l y b e i n g c l e a r e d w h e n p r o m o t i n g v i a o v e r w r i t e ( M i k e S n i t z e r ) [ 1 1 6 5 0 5 0 ] b r > - [ m d ] d m - c a c h e : o n l y u s e o v e r w r i t e o p t i m i s a t i o n f o r p r o m o t i o n w h e n i n w r i t e b a c k m o d e ( M i k e S n i t z e r ) [ 1 1 6 5 0 5 0 ] b r > - [ m d ] d m - c a c h e : d i s c a r d b l o c k s i z e m u s t b e a m u l t i p l e o f c a c h e b l o c k s i z e ( M i k e S n i t z e r ) [ 1 1 6 5 0 5 0 ] b r > - [ m d ] d m - c a c h e : f i x a h a r m l e s s r a c e w h e n w o r k i n g o u t i f a b l o c k i s d i s c a r d e d ( M i k e S n i t z e r ) [ 1 1 6 5 0 5 0 ] b r > - [ m d ] d m - c a c h e : w h e n r e l o a d i n g a d i s c a r d b i t s e t a l l o w f o r a d i f f e r e n t d i s c a r d b l o c k s i z e ( M i k e S n i t z e r ) [ 1 1 6 5 0 5 0 ] b r > - [ m d ] d m - c a c h e : f i x s o m e i s s u e s w i t h t h e n e w d i s c a r d r a n g e s u p p o r t ( M i k e S n i t z e r ) [ 1 1 6 5 0 5 0 ] b r > - [ m d ] d m - a r r a y : i f r e s i z i n g t h e a r r a y i s a n o o p s e t t h e n e w r o o t t o t h e o l d o n e ( M i k e S n i t z e r ) [ 1 1 6 5 0 5 0 ] b r > - [ m d ] d m - b u f i o : f i x m e m l e a k w h e n u s i n g a d m _ b u f f e r s i n l i n e b i o ( M i k e S n i t z e r ) [ 1 1 6 5 0 5 0 ] b r > - [ m d ] d m : u s e r c u _ d e r e f e r e n c e _ p r o t e c t e d i n s t e a d o f r c u _ d e r e f e r e n c e ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m - t h i n : s u s p e n d / r e s u m e a c t i v e t h i n d e v i c e s w h e n r e l o a d i n g t h i n - p o o l ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m - t h i n : d o n o t a l l o w t h i n d e v i c e a c t i v a t i o n w h i l e p o o l i s s u s p e n d e d ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m - t h i n : f i x a r a c e i n t h i n _ d t r ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m - t h i n : r e m o v e s t a l e ' t r i m ' m e s s a g e i n b l o c k c o m m e n t a b o v e p o o l _ m e s s a g e ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m : u p d a t e w a i t _ o n _ b i t c a l l s f o r R H E L ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m : e n h a n c e i n t e r n a l s u s p e n d a n d r e s u m e i n t e r f a c e ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m : a d d p r e s u s p e n d _ u n d o h o o k t o t a r g e t _ t y p e ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m : r e t u r n e a r l i e r f r o m d m _ b l k _ i o c t l i f t a r g e t d o e s n t i m p l e m e n t . i o c t l ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m : d o n o t c a l l d m _ s y n c _ t a b l e ( ) w h e n c r e a t i n g n e w d e v i c e s ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m : s p a r s e - A n n o t a t e f i e l d w i t h _ _ r c u f o r c h e c k i n g ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m : U s e r c u _ d e r e f e r e n c e ( ) f o r a c c e s s i n g r c u p o i n t e r ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m : a l l o w a c t i v e a n d i n a c t i v e t a b l e s t o s h a r e d m _ d e v s ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > - [ m d ] d m - m p a t h : s t o p q u e u e i n g I O w h e n n o v a l i d p a t h s e x i s t ( M i k e S n i t z e r ) [ 1 1 6 5 2 4 6 ] b r > b r > [ 3 . 1 0 . 0 - 2 1 5 ] b r > - [ n e t ] v x l a n : D o n o t r e u s e s o c k e t s f o r a d i f f e r e n t a d d r e s s f a m i l y ( M a r c e l o L e i t n e r ) [ 1 1 4 6 1 0 7 ] b r > - [ n e t ] v t i : F i x k e r n e l p a n i c d u e t o t u n n e l n o t b e i n g r e m o v e d o n l i n k d e l e t i o n ( P a n u M a t i l a i n e n ) [ 1 1 6 7 7 2 5 ] b r > - [ n e t ] s c t p : t e s t i f a s s o c i a t i o n i s d e a d i n s c t p _ w a k e _ u p _ w a i t e r s ( D a n i e l B o r k m a n n ) [ 1 1 6 6 4 6 7 ] b r > - [ n e t ] s c t p : w a k e u p a l l a s s o c s i f s n d b u f p o l i c y i s p e r s o c k e t ( D a n i e l B o r k m a n n ) [ 1 1 6 6 4 6 7 ] b r > - [ n e t ] i p : b e t t e r e s t i m a t e t u n n e l h e a d e r c u t f o r c o r r e c t u f o h a n d l i n g ( A l e x a n d e r D u y c k ) [ 1 1 5 9 5 7 7 ] b r > - [ n e t ] i p v 6 : g s o : r e m o v e r e d u n d a n t l o c k i n g ( A l e x a n d e r D u y c k ) [ 1 1 5 9 5 7 7 ] b r > - [ n e t ] i p v 6 : D o n o t t r e a t a G S O _ T C P V 4 r e q u e s t f r o m U D P t u n n e l o v e r I P v 6 a s i n v a l i d ( A l e x a n d e r D u y c k ) [ 1 1 5 9 5 7 7 ] b r > - [ n e t ] i p v 6 : f i b : f i x f i b d u m p r e s t a r t ( P a n u M a t i l a i n e n ) [ 1 1 6 3 6 0 5 ] b r > - [ n e t ] i p v 6 : d r o p u n u s e d f i b 6 _ c l e a n _ a l l _ r o ( ) f u n c t i o n a n d r t 6 _ p r o c _ a r g s t r u c t ( P a n u M a t i l a i n e n ) [ 1 1 6 3 6 0 5 ] b r > - [ n e t ] i p v 6 : a v o i d h i g h o r d e r m e m o r y a l l o c a t i o n s f o r / p r o c / n e t / i p v 6 _ r o u t e ( P a n u M a t i l a i n e n ) [ 1 1 6 3 6 0 5 ] b r > - [ n e t ] i p v 4 : F i x i n c o r r e c t e r r o r c o d e w h e n a d d i n g a n u n r e a c h a b l e r o u t e ( P a n u M a t i l a i n e n ) [ 1 1 6 5 5 5 2 ] b r > - [ n e t ] s c t p : r e p l a c e s e q _ p r i n t f w i t h s e q _ p u t s ( D a n i e l B o r k m a n n ) [ 1 1 6 4 2 1 4 ] b r > - [ n e t ] s c t p : a d d t r a n s p o r t s t a t e i n / p r o c / n e t / s c t p / r e m a d d r ( D a n i e l B o r k m a n n ) [ 1 1 6 4 2 1 4 ] b r > - [ I B ] i s e r t : A d j u s t C Q s i z e t o H W l i m i t s ( A n d y G r o v e r ) [ 1 1 6 6 3 1 4 ] b r > - [ i b _ i s e r t ] A d d m a x _ s e n d _ s g e = 2 m i n i m u m f o r c o n t r o l P D U r e s p o n s e s ( A n d y G r o v e r ) [ 1 1 6 6 3 1 4 ] b r > - [ s c s i ] m e g a r a i d _ s a s : d o n o t p r o c e s s I O C T L s a n d S C S I c o m m a n d s d u r i n g d r i v e r r e m o v a l ( T o m a s H e n z l ) [ 1 1 6 2 6 4 5 ] b r > - [ s c s i ] m e g a r a i d _ s a s : d n d i n a n e s s r e l a t e d b u g f i x e s ( T o m a s H e n z l ) [ 1 1 6 2 6 4 5 ] b r > - [ s c s i ] m e g a r a i d _ s a s : c o r r e c t e d r e t u r n o f w a i t _ e v e n t f r o m a b o r t f r a m e p a t h ( T o m a s H e n z l ) [ 1 1 6 2 6 4 5 ] b r > - [ s c s i ] m e g a r a i d _ s a s : m a k e H B A o p e r a t i o n a l a f t e r L D _ M A P _ S Y N C D C M D i n O C R p a t h ( T o m a s H e n z l ) [ 1 1 6 2 6 4 5 ] b r > - [ s c s i ] m e g a r a i d _ s a s : o n l i n e F i r m w a r e u p g r a d e s u p p o r t f o r E x t e n d e d V D f e a t u r e ( T o m a s H e n z l ) [ 1 1 6 2 6 4 5 ] b r > - [ s c s i ] m e g a r a i d _ s a s : u p d a t e M A I N T A I N E R S a n d c o p y r i g h t i n f o r m a t i o n f o r m e g a r a i d d r i v e r s ( T o m a s H e n z l ) [ 1 1 6 2 6 4 5 ] b r > - [ s c s i ] m e g a r a i d _ s a s : d r i v e r v e r s i o n u p g r a d e a n d r e m o v e s o m e m e t a d a t a o f d r i v e r ( 0 6 . 8 0 5 . 0 6 . 0 1 - r c 1 ) ( T o m a s H e n z l ) [ 1 1 6 2 6 4 5 ] b r > b r > [ 3 . 1 0 . 0 - 2 1 4 ] b r > - [ p o w e r p c ] D r o p u s e l e s s w a r n i n g i n e e h _ i n i t ( ) ( G u s t a v o D u a r t e ) [ 1 1 5 6 6 5 1 ] b r > - [ p o w e r p c ] p s e r i e s : D e c r e a s e m e s s a g e l e v e l o n E E H i n i t i a l i z a t i o n ( G u s t a v o D u a r t e ) [ 1 1 5 6 6 5 1 ] b r > - [ n e t ] c e p h : f i x u p i n c l u d e s i n p a g e l i s t . h ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : c h a n g e f r o m B U G t o W A R N f o r _ _ r e m o v e _ o s d ( ) a s s e r t s ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : c l e a r r _ r e q _ l r u _ i t e m i n _ _ u n r e g i s t e r _ l i n g e r _ r e q u e s t ( ) ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : u n l i n k f r o m o _ l i n g e r _ r e q u e s t s w h e n c l e a r i n g r _ o s d ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : d o n o t c r a s h o n l a r g e a u t h t i c k e t s ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : f i x f l u s h t i d c o m p a r i s i o n ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : e l i m i n a t e u n n e c e s s a r y a l l o c a t i o n i n p r o c e s s _ o n e _ t i c k e t ( ) ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : F i x e r r o r r e c o v e r y i n r b d _ o b j _ r e a d _ s y n c ( ) ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : u s e m e m a l l o c f l a g s f o r n e t I O ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : u s e a s i n g l e w o r k q u e u e f o r a l l d e v i c e s ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : f i x d i v i d e - b y - z e r o i n _ _ v a l i d a t e _ l a y o u t ( ) ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : r b d w o r k q u e u e s n e e d a r e s q u e w o r k e r ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : c e p h - m s g r w o r k q u e u e n e e d s a r e s q u e w o r k e r ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : f i x b o o l a s s i g n m e n t s ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : s e p a r a t e m u l t i p l e o p s w i t h c o m m a s i n d e b u g f s o u t p u t ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : s y n c o s d o p d e f i n i t i o n s i n r a d o s . h ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : r e m o v e r e d u n d a n t d e c l a r a t i o n ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : a d d i t i o n a l d e b u g f s o u t p u t ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : e x p o r t c e p h _ s e s s i o n _ s t a t e _ n a m e f u n c t i o n ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : u s e p a g e l i s t t o p r e s e n t M D S r e q u e s t d a t a ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : r e f e r e n c e c o u n t i n g p a g e l i s t ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : f i x l l i s t x a t t r o n s y m l i n k ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : s e n d c l i e n t m e t a d a t a t o M D S ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : r e m o v e r e d u n d a n t c o d e f o r m a x f i l e s i z e v e r i f i c a t i o n ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : m o v e c e p h _ f i n d _ i n o d e ( ) o u t s i d e t h e s _ m u t e x ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : r e q u e s t x a t t r s i f x a t t r _ v e r s i o n i s z e r o ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : s e t t h e r e m a i n i n g d i s c a r d p r o p e r t i e s t o e n a b l e s u p p o r t ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : u s e h e l p e r s t o h a n d l e d i s c a r d f o r l a y e r e d i m a g e s c o r r e c t l y ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : e x t r a c t a m e t h o d f o r a d d i n g o b j e c t o p e r a t i o n s ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : m a k e d i s c a r d t r i g g e r c o p y - o n - w r i t e ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : t o l e r a t e - E N O E N T f o r d i s c a r d o p e r a t i o n s ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : f i x s n a p s h o t c o n t e x t r e f e r e n c e c o u n t f o r d i s c a r d s ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : r e a d i m a g e s i z e f o r d i s c a r d c h e c k s a f e l y ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : i n i t i a l d i s c a r d b i t s ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : e x t e n d t h e o p e r a t i o n t y p e ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : s k i p t h e c o p y u p w h e n a n e n t i r e o b j e c t w r i t i n g ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : a d d i m g _ o b j _ r e q u e s t _ s i m p l e ( ) h e l p e r ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : a c c e s s s n a p s h o t c o n t e x t a n d m a p p i n g s i z e s a f e l y ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : d o n o t r e t u r n - E R A N G E o n a u t h f a i l u r e s ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : d o n t t r y c h e c k i n g q u e u e _ w o r k ( ) r e t u r n v a l u e ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : m a k e s u r e r e q u e s t i s n t i n a n y w a i t i n g l i s t w h e n k i c k i n g r e q u e s t ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : p r o t e c t k i c k _ r e q u e s t s ( ) w i t h m d s c - > m u t e x ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : C o n v e r t p r _ w a r n i n g t o p r _ w a r n ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ f s ] c e p h : t r i m u n u s e d i n o d e s b e f o r e r e c o n n e c t i n g t o r e c o v e r i n g M D S ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : f i x a u s e a f t e r f r e e i s s u e i n o s d m a p _ s e t _ m a x _ o s d ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : s e l e c t C R Y P T O _ C B C i n a d d i t i o n t o C R Y P T O _ A E S ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : r e s e n d l i n g e r i n g r e q u e s t s w i t h a n e w t i d ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ n e t ] c e p h : a b s t r a c t o u t c e p h _ o s d _ r e q u e s t e n q u e u e l o g i c ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : f i x e r r o r r e t u r n c o d e i n r b d _ d e v _ d e v i c e _ s e t u p ( ) ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ b l o c k ] r b d : a v o i d f o r m a t - s e c u r i t y w a r n i n g i n s i d e a l l o c _ w o r k q u e u e ( ) ( I l y a D r y o m o v ) [ 1 1 6 5 2 3 2 ] b r > - [ k e r n e l ] p r i n t k / r e g i s t e r _ c o n s o l e : p r e v e n t a d d i n g t h e s a m e c o n s o l e t w i c e ( A r t e m S a v k o v ) [ 1 1 6 9 7 6 6 ] b r > - [ m m ] h u g e t l b : a d d c o n d _ r e s c h e d _ l o c k ( ) i n , r e t u r n _ u n u s e d _ s u r p l u s _ p a g e s ( ) ( M o t o h i r o K o s a k i ) [ 1 1 4 2 6 9 8 ] b r > - [ m m ] h u g e t l b : f i x s o f t l o c k u p w h e n a l a r g e n u m b e r o f , h u g e p a g e s a r e f r e e d ( M o t o h i r o K o s a k i ) [ 1 1 4 2 6 9 8 ] b r > - [ k e r n e l ] s c h e d : U s e n e w K A B I m a c r o s ( D o n Z i c k u s ) [ 1 1 6 4 3 8 3 ] b r > - [ n e t ] U s e n e w K A B I m a c r o s ( D o n Z i c k u s ) [ 1 1 6 4 3 8 3 ] b r > - [ s c s i ] U s e n e w K A B I m a c r o s ( D o n Z i c k u s ) [ 1 1 6 4 3 8 3 ] b r > - [ k e r n e l ] U s e n e w K A B I m a c r o s ( D o n Z i c k u s ) [ 1 1 6 4 3 8 3 ] b r > - [ b l o c k ] U s e n e w K A B I m a c r o s ( D o n Z i c k u s ) [ 1 1 6 4 3 8 3 ] b r > - [ b l o c k ] i n c l u d e : U s e n e w K A B I m a c r o s ( D o n Z i c k u s ) [ 1 1 6 4 3 8 3 ] b r > - [ m i s c ] U s e n e w K A B I m a c r o s ( D o n Z i c k u s ) [ 1 1 6 4 3 8 3 ] b r > - [ x 8 6 ] U s e n e w K A B I m a c r o s ( D o n Z i c k u s ) [ 1 1 6 4 3 8 3 ] b r > - [ p o w e r p c ] U s e n e w K A B I m a c r o s ( D o n Z i c k u s ) [ 1 1 6 4 3 8 3 ] b r > b r > [ 3 . 1 0 . 0 - 2 1 3 ] b r > - [ s c s i ] i p r : d o n t l o g e r r o r m e s s a g e s w h e n a p p l i c a t i o n s i s s u e s i l l e g a l r e q u e s t s ( G u s t a v o D u a r t e ) [ 1 1 6 3 0 1 9 ] b r > - [ n e t ] m a c v l a n : A l l o w s e t t i n g m u l t i c a s t f i l t e r o n a l l m a c v l a n t y p e s ( V l a d Y a s e v i c h ) [ 8 4 8 1 9 7 ] b r > - [ b l o c k ] g e n h d : f i x l e f t o v e r m i g h t _ s l e e p ( ) i n b l k _ f r e e _ d e v t ( ) ( J e f f M o y e r ) [ 1 1 6 7 7 2 8 ] b r > - [ e t h e r n e t ] m l x 4 : A d d V X L A N n d o c a l l s t o t h e P F n e t d e v i c e o p s t o o ( F l o r i a n W e s t p h a l ) [ 1 1 6 8 2 1 2 ] b r > - [ p o w e r p c ] x m o n : l e - F i x e n d i a n n e s i s s u e i n R T A S c a l l f r o m x m o n ( S t e v e B e s t ) [ 1 1 6 0 6 5 0 ] b r > - [ m m ] t h p : c l o s e r a c e b e t w e e n s p l i t a n d z a p h u g e p a g e s ( S e t h J e n n i n g s ) [ 1 1 6 5 2 6 8 ] b r > - [ m m ] t h p : c l o s e r a c e b e t w e e n m r e m a p ( ) a n d s p l i t _ h u g e _ p a g e ( ) ( S e t h J e n n i n g s ) [ 1 1 6 5 2 6 8 ] b r > - [ m m c ] r t s x : C h a n g e d e f a u l t t x p h a s e ( D o n Z i c k u s ) [ 1 1 0 6 2 0 4 ] b r > - [ m f d ] r t s x : C o p y r i g h t m o d i f i c a t i o n s ( D o n Z i c k u s ) [ 1 1 0 6 2 0 4 ] b r > - [ m f d ] r t s x : C o n f i g u r e t o e n t e r a d e e p e r p o w e r - s a v i n g m o d e i n S 3 ( D o n Z i c k u s ) [ 1 1 0 6 2 0 4 ] b r > - [ m f d ] r t s x : M o v e s o m e a c t i o n s f r o m r t s x _ p c i _ i n i t _ h w t o i n d i v i d u a l e x t r a _ i n i t _ h w ( D o n Z i c k u s ) [ 1 1 0 6 2 0 4 ] b r > - [ m f d ] r t s x : A d d s h u t d o w n c a l l b a c k i n r t s x _ p c i _ d r i v e r ( D o n Z i c k u s ) [ 1 1 0 6 2 0 4 ] b r > - [ m f d ] r t s x : R e a d v e n d o r s e t t i n g f r o m c o n f i g s p a c e ( D o n Z i c k u s ) [ 1 1 0 6 2 0 4 ] b r > - [ m f d ] r t s x : A d d s u p p o r t f o r R T L 8 4 1 1 B ( D o n Z i c k u s ) [ 1 1 0 6 2 0 4 ] b r > b r > [ 3 . 1 0 . 0 - 2 1 2 ] b r > - [ f s ] f s n o t i f y : n e x t _ i i s f r e e d d u r i n g f s n o t i f y _ u n m o u n t _ i n o d e s ( E r i c S a n d e e n ) [ 1 1 2 4 9 9 7 ] b r > - [ f s ] b t r f s : f i x r e g r e s s i o n o f b t r f s d e v i c e r e p l a c e ( E r i c S a n d e e n ) [ 1 1 6 2 9 8 3 ] b r > - [ f s ] e x t 4 : d o n t c o u n t e x t e r n a l j o u r n a l b l o c k s a s o v e r h e a d ( E r i c S a n d e e n ) [ 1 1 6 4 3 6 6 ] b r > - [ f s ] F i x o o p s w h e n c r e a t i n g s y m l i n k s o n s m b 3 ( S a c h i n P r a b h u ) [ 1 1 6 1 4 2 9 ] b r > b r > [ 3 . 1 0 . 0 - 2 1 1 ] b r > - [ n e t ] s c t p : f i x m e m o r y l e a k i n a u t h k e y m a n a g e m e n t ( D a n i e l B o r k m a n n ) [ 1 1 6 0 9 2 8 ] b r > - [ n e t ] s c t p : f i x N U L L p o i n t e r d e r e f e r e n c e i n a f - > f r o m _ a d d r _ p a r a m o n m a l f o r m e d p a c k e t ( D a n i e l B o r k m a n n ) [ 1 1 5 4 0 0 2 ] { C V E - 2 0 1 4 - 7 8 4 1 } b r > - [ n e t ] t c p : z e r o r e t r a n s _ s t a m p i f a l l r e t r a n s w e r e a c k e d ( M a r c e l o L e i t n e r ) [ 1 1 6 2 1 9 3 ] b r > - [ n e t ] n e t f i l t e r : l o g : p r o t e c t n f _ l o g _ r e g i s t e r a g a i n s t d o u b l e r e g i s t e r i n g ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : u l o g : c o m p a t w i t h n e w s t r u c t u r e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : n a t e x p r e s s i o n m u s t s e l e c t C O N F I G _ N F _ N A T ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : a d d e x p l i c i t K c o n f i g f o r N E T F I L T E R _ X T _ N A T ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : m a s q u e r a d i n g n e e d s t o b e i n d e p e n d e n t o f x _ t a b l e s i n K c o n f i g ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : N F T _ C H A I N _ N A T _ I P V * i s i n d e p e n d e n t o f N F T _ N A T ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : m o v e N A T K c o n f i g s w i t c h e s o u t o f t h e i p t a b l e s s c o p e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : N E T F I L T E R _ X T _ T A R G E T _ L O G s e l e c t s N F _ L O G _ * ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : f i x s e v e r a l K c o n f i g p r o b l e m s i n N F _ L O G _ * ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ m a s q : r e g i s t e r / u n r e g i s t e r n o t i f i e r s o n m o d u l e i n i t / e x i t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a l l o w t o f i l t e r f r o m p r e r o u t i n g a n d p o s t r o u t i n g ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ c o m p a t : r e m o v e i n c o m p l e t e 3 2 / 6 4 b i t s a r c h c o m p a t c o d e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : w a i t f o r c a l l _ r c u c o m p l e t i o n o n m o d u l e r e m o v a l ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ r e j e c t : i n t r o d u c e i c m p c o d e a b s t r a c t i o n f o r i n e t a n d b r i d g e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : s t o r e a n d d u m p s e t p o l i c y ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : e x p o r t r u l e - s e t g e n e r a t i o n I D ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a d d N F T A _ M A S Q _ U N S P E C t o n f t _ m a s q _ a t t r i b u t e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a d d n e w n f t _ m a s q e x p r e s s i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ n a t : i n c l u d e a f l a g a t t r i b u t e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : e x t e n d N F T _ M S G _ D E L T A B L E t o s u p p o r t f l u s h i n g t h e r u l e s e t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a d d h e l p e r s t o s c h e d u l e o b j e c t s d e l e t i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a d d d e v g r o u p s u p p o r t i n m e t a e x p r e s i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e n a m e n f _ t a b l e _ d e l r u l e _ b y _ c h a i n ( ) ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a d d h e l p e r t o u n r e g i s t e r c h a i n h o o k s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e f a c t o r r u l e d e l e t i o n h e l p e r ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ c h a i n _ n a t _ i p v 6 : u s e g e n e r i c I P v 6 N A T c o d e f r o m c o r e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n a t : m o v e s p e c i f i c N A T I P v 6 t o c o r e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ r b t r e e : n o n e e d f o r s p i n l o c k f r o m s e t d e s t r o y p a t h ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ h a s h : n o n e e d f o r r c u i n t h e h a s h s e t d e s t r o y p a t h ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ n a t : g e n e r a l i z e I P v 6 m a s q u e r a d i n g s u p p o r t f o r n f _ t a b l e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ n a t : g e n e r a l i z e I P v 4 m a s q u e r a d i n g s u p p o r t f o r n f _ t a b l e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ c h a i n _ n a t _ i p v 4 : u s e g e n e r i c I P v 4 N A T c o d e f r o m c o r e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n a t : m o v e s p e c i f i c N A T I P v 4 t o c o r e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ m e t a : A d d c p u a t t r i b u t e s u p p o r t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ m e t a : a d d p k t t y p e s u p p o r t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x e r r o r r e t u r n c o d e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : d o n t u p d a t e c h a i n w i t h u n s e t c o u n t e r s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : u n i n i t i a l i z e e l e m e n t k e y / d a t a f r o m t h e c o m m i t p a t h ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n f t a b l e s : C o n v e r t n f t _ h a s h t o u s e g e n e r i c r h a s h t a b l e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : A v o i d d u p l i c a t e c a l l t o n f t _ d a t a _ u n i n i t ( ) f o r s a m e k e y ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : c h e c k f o r u n s e t N F T A _ S E T _ E L E M _ L I S T _ E L E M E N T S a t t r i b u t e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : s i m p l i f y s e t d u m p t h r o u g h n e t l i n k ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : b r i d g e : a d d r e j e c t s u p p o r t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : 6 4 b i t s t a t s n e e d s o m e e x t r a s y n c h r o n i z a t i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : s e t N L M _ F _ D U M P _ I N T R i f n e t l i n k d u m p i n g i s s t a l e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : s a f e R C U i t e r a t i o n o n l i s t w h e n d u m p i n g ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : s k i p t r a n s a c t i o n i f n o u p d a t e f l a g s i n t a b l e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ l o g : f i x c o c c i n e l l e w a r n i n g s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ l o g : c o m p l e t e l o g g i n g s u p p o r t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ l o g : r e q u e s t e x p l i c i t l o g g e r w h e n l o a d i n g r u l e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ n a t : d o n t d u m p p o r t i n f o r m a t i o n i f u n s e t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : i n d i c a t e f a m i l y w h e n d u m p i n g s e t e l e m e n t s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ c o m p a t : c a l l { t a r g e t , m a t c h } - > d e s t r o y ( ) t o c l e a n u p e n t r y ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x w r o n g t y p e i n t r a n s a c t i o n w h e n r e p l a c i n g r u l e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : d e c r e m e n t c h a i n u s e c o u n t e r w h e n r e p l a c i n g r u l e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : u s e u 3 2 f o r c h a i n u s e c o u n t e r ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : u s e R C U - s a f e l i s t i n s e r t i o n w h e n r e p l a c i n g r u l e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a t o m i c a l l o c a t i o n i n s e t n o t i f i c a t i o n s f r o m r c u c a l l b a c k ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a l l o w t o d e l e t e s e v e r a l o b j e c t s f r o m a b a t c h ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ r b t r e e : i n t r o d u c e l o c k i n g ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e l e a s e o b j e c t s i n r e v e r s e o r d e r i n t h e a b o r t p a t h ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x w r o n g t r a n s a c t i o n o r d e r i n g i n s e t e l e m e n t s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : d e f e r a l l o b j e c t r e l e a s e v i a r c u ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e m o v e s k b a n d n l h f r o m c o n t e x t s t r u c t u r e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : s i m p l i f y n f _ t a b l e s _ * _ n o t i f y ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : u s e n e w t r a n s a c t i o n i n f r a s t r u c t u r e t o h a n d l e e l e m e n t s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : u s e n e w t r a n s a c t i o n i n f r a s t r u c t u r e t o h a n d l e t a b l e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : p a s s c o n t e x t t o n f _ t a b l e s _ u p d t a b l e ( ) ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : d i s a b l i n g t a b l e h o o k s a l w a y s s u c c e e d s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : u s e n e w t r a n s a c t i o n i n f r a s t r u c t u r e t o h a n d l e c h a i n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e f a c t o r c h a i n s t a t i s t i c r o u t i n e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : u s e n e w t r a n s a c t i o n i n f r a s t r u c t u r e t o h a n d l e s e t s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a d d m e s s a g e t y p e t o t r a n s a c t i o n s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e l o c a t e c o m m i t a n d a b o r t r o u t i n e s i n t h e s o u r c e f i l e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : g e n e r a l i s e t r a n s a c t i o n i n f r a s t r u c t u r e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : d e c o n s t i f y t a b l e a n d c h a i n i n c o n t e x t s t r u c t u r e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x t r a c e o f m a t c h i n g n o n - t e r m i n a l r u l e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x m i s s i n g r e t u r n t r a c e a t t h e e n d o f n o n - b a s e c h a i n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x b o g u s r u l e n u m a f t e r g o t o a c t i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x t r a c i n g o f t h e g o t o a c t i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x g o t o a c t i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e s e t r u l e n u m b e r c o u n t e r a f t e r j u m p a n d g o t o ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : a d d h e l p e r f o r a d d i n g n a t e x t e n s i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e l a x s t r i n g v a l i d a t i o n o f N F T A _ C H A I N _ T Y P E ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : A d d m e t a e x p r e s s i o n k e y f o r b r i d g e i n t e r f a c e n a m e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : M a k e m e t a e x p r e s s i o n c o r e f u n c t i o n s p u b l i c ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : S t a c k e x p r e s s i o n t y p e d e p e n d i n g o n t h e i r f a m i l y ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x n f t _ c m p _ f a s t f a i l u r e o n b i g e n d i a n f o r s i z e 4 ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : h a n d l e m o r e t h a n 8 * P A G E _ S I Z E s e t n a m e a l l o c a t i o n s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : f i x w r o n g f o r m a t i n r e q u e s t _ m o d u l e ( ) ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : s e t n a m e s c a n n o t b e l a r g e r t h a n 1 5 b y t e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a d d s e t _ e l e m n o t i f i c a t i o n s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ h a s h : u s e s e t g l o b a l e l e m e n t c o u n t e r i n s t e a d o f p r i v a t e o n e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : i m p l e m e n t p r o p e r s e t s e l e c t i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ c t : s p l i t n f t _ c t _ i n i t ( ) i n t o t w o f u n c t i o n s f o r g e t / s e t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ m e t a : s p l i t n f t _ m e t a _ i n i t ( ) i n t o t w o f u n c t i o n s f o r g e t / s e t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ c t : a d d m i s s i n g i f d e f f o r N F T _ M A R K s e t t i n g ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : A d d m i s s i n g v m a l l o c . h i n c l u d e t o n f t _ h a s h . c ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ n a t : f i x f a m i l y v a l i d a t i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ c t : r e m o v e f a m i l y f r o m s t r u c t n f t _ c t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e s t o r e n o t i f i c a t i o n s f o r a n o n y m o u s s e t d e s t r u c t i o n ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : r e s t o r e c o n t e x t f o r e x p r e s s i o n d e s t r u c t o r s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : c l e a n u p n f _ t a b l e s _ t r a n s _ a d d ( ) a r g u m e n t o r d e r ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ h a s h : b u g f i x e s a n d r e s i z i n g ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a d d o p t i o n a l u s e r d a t a a r e a t o r u l e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a c c e p t Q U E U E / D R O P v e r d i c t p a r a m e t e r s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ t a b l e s : a d d n f t _ d e r e f e r e n c e ( ) m a c r o ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f t _ c t : l a b e l s g e t s u p p o r t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ n a t : a d d f u l l p o r t r a n d o m i z a t i o n s u p p o r t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n f _ t a b l e s : I n c l u d e a p p r o p r i a t e h e a d e r f i l e i n n e t f i l t e r / n f t _ l o o k u p . c ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : x t _ l o g : a d d m i s s i n g s t r i n g f o r m a t i n n f _ l o g _ p a c k e t ( ) ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : l o g : n f _ l o g _ p a c k e t ( ) a s r e a l u n i f i e d i n t e r f a c e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : l o g : s p l i t f a m i l y s p e c i f i c c o d e t o n f _ l o g _ { i p , i p 6 , c o m m o n } . c f i l e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ l o g : m o v e l o g b u f f e r i n g t o c o r e l o g g i n g ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f _ l o g : u s e a n a r r a y o f l o g g e r s i n s t e a d o f l i s t ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] i n t r o d u c e n e t d e v _ a l l o c _ p c p u _ s t a t s ( ) f o r d r i v e r s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : n f n e t l i n k : a d d r c u _ d e r e f e r e n c e _ p r o t e c t e d ( ) h e l p e r s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : i p _ s e t : r e n a m e n f n l _ d e r e f e r e n c e ( ) / n f n l _ s e t ( ) ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : i p s e t : r e m o v e u n u s e d c o d e ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : R e m o v e e x t e r n f r o m f u n c t i o n p r o t o t y p e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] n e t f i l t e r : R e m o v e e x t e r n f r o m f u n c t i o n p r o t o t y p e s ( M a r c e l o L e i t n e r ) [ 1 1 4 8 0 4 1 1 1 5 5 0 8 8 ] b r > - [ n e t ] o p e n v s w i t c h : r e m o v e d u p c o m m e n t i n v p o r t . h ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : r e s t o r e O V S _ F L O W _ C M D _ N E W n o t i f i c a t i o n s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : A d d r e c i r c a n d h a s h a c t i o n ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : s i m p l i f y s a m p l e a c t i o n i m p l e m e n t a t i o n ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : U s e t u n _ k e y o n l y f o r e g r e s s t u n n e l p a t h ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : r e f a c t o r o v s f l o w e x t r a c t A P I ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : R e m o v e p k t _ k e y f r o m O V S _ C B ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : c h a n g e t h e d a t a t y p e o f e r r o r s t a t u s t o a t o m i c _ l o n g _ t ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] g e n e t l i n k : a d d f u n c t i o n g e n l _ h a s _ l i s t e n e r s ( ) ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] v x l a n : C a l l u d p _ f l o w _ s r c _ p o r t ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] u d p : A d d f u n c t i o n t o m a k e s o u r c e p o r t f o r U D P t u n n e l s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : d i s t i n g u i s h b e t w e e n t h e d r o p p e d a n d c o n s u m e d s k b ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : f i x a m e m o r y l e a k ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : F i x m e m o r y l e a k i n o v s _ v p o r t _ a l l o c ( ) e r r o r p a t h ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : f i x d u p l i c a t e # i n c l u d e h e a d e r s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : R e m o v e u n l i k e l y ( ) f o r W A R N _ O N ( ) c o n d i t i o n s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : U s e I S _ E R R _ O R _ N U L L ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : A d d s k b _ c l o n e N U L L c h e c k f o r t h e s a m p l i n g a c t i o n ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : S a m p l e a c t i o n w i t h o u t s i d e e f f e c t s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : A v o i d m e m o r y c o r r u p t i o n i n q u e u e _ u s e r s p a c e _ p a c k e t ( ) ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : E n a b l e t u n n e l G S O f o r O V S b r i d g e ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : A l l o w e a c h v p o r t t o h a v e a n a r r a y o f ' p o r t _ i d ' s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : m a k e g e n e r i c n e t l i n k g r o u p c o n s t ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : i n t r o d u c e r t n l o p s s t u b ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : U s e e x a c t l o o k u p f o r f l o w _ g e t a n d f l o w _ d e l ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : F i x t r a c k i n g o f f l a g s s e e n i n T C P f l o w s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : s u p p l y a d u m m y e r r _ h a n d l e r o f g r e _ c i s c o _ p r o t o c o l t o p r e v e n t k e r n e l c r a s h ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : F i x a d o u b l e f r e e b u g f o r t h e s a m p l e a c t i o n ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : S i m p l i f y g e n e t l i n k c o d e ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : M i n i m i z e o v s _ f l o w _ c m d _ n e w ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : S p l i t o v s _ f l o w _ c m d _ n e w _ o r _ s e t ( ) ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : M i n i m i z e o v s _ f l o w _ c m d _ d e l c r i t i c a l s e c t i o n ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : R e d u c e l o c k i n g r e q u i r e m e n t s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : F i x o v s _ f l o w _ s t a t s _ g e t / c l e a r R C U d e r e f e r e n c e ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : F i x t y p o ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : M i n i m i z e d p a n d v p o r t c r i t i c a l s e c t i o n s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : M a k e f l o w m a s k r e m o v a l s y m m e t r i c ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : B u i l d f l o w c m d n e t l i n k r e p l y o n l y i f n e e d e d ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : C l a r i f y l o c k i n g ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : A v o i d a s s i g n i n g a N U L L p o i n t e r t o f l o w a c t i o n s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : C o m p a c t s w _ f l o w _ k e y ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] n e t / o p e n v s w i t c h : U s e w i t h R C U _ I N I T _ P O I N T E R ( x , N U L L ) i n v p o r t - g r e . c ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : U s e T C P f l a g s i n t h e f l o w k e y f o r s t a t s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : F i x o u t p u t o f S C T P m a s k ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : P e r N U M A n o d e f l o w s t a t s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : R e m o v e 5 - t u p l e o p t i m i z a t i o n ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : U s e e t h e r _ a d d r _ c o p y ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : f l o w _ n e t l i n k : U s e p r _ f m t t o O V S _ N L E R R o u t p u t ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : U s e n e t _ r a t e l i m i t i n O V S _ N L E R R ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : A d d e d ( u n s i g n e d l o n g l o n g ) c a s t i n p r i n t f ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : a v o i d c a s t - q u a l w a r n i n g i n v p o r t _ p r i v ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : a v o i d w a r n i n g s i n v p o r t _ f r o m _ p r i v ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : u s e c o n s t i n s o m e l o c a l v a r s a n d c a s t s ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : g e t r i d o f S E T _ E T H T O O L _ O P S ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : C o r r e c t l y r e p o r t f l o w u s e d t i m e s f o r f i r s t 5 m i n u t e s a f t e r b o o t ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : F i x r a c e ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : R e a d t c p f l a g s o n l y t h e n t h e t r a n p o r t h e a d e r i s p r e s e n t ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : r e n a m e - > s y n c t o - > s y n c p ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] o p e n v s w i t c h : m a k e f u n c t i o n s l o c a l ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] A d d u t i l i t y f u n c t i o n t o c o p y s k b h a s h ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] C h a n g e s k b _ g e t _ r x h a s h t o s k b _ g e t _ h a s h ( J i r i B e n c ) [ 1 1 1 0 3 8 4 ] b r > - [ n e t ] n e t l i n k : R e - a d d l o c k i n g t o n e t l i n k _ l o o k u p ( ) a n d s e q w a l k e r ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ l i b ] r h a s h t a b l e : r e m o v e s e c o n d l i n u x / l o g 2 . h i n c l u s i o n ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ l i b ] r h a s h t a b l e : a l l o w u s e r t o s e t t h e m i n i m u m s h i f t s o f s h r i n k i n g ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ l i b ] r h a s h t a b l e : f i x l o c k d e p s p l a t i n r h a s h t a b l e _ d e s t r o y ( ) ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ l i b ] r h a s h t a b l e : S p e l l i n g s / c o m p u a t e / c o m p u t e / ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ n e t ] n e t l i n k : A n n o t a t e R C U l o c k i n g f o r s e q _ f i l e w a l k e r ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ n e t ] n e t l i n k : h o l d n l _ s o c k _ h a s h _ l o c k d u r i n g d i a g d u m p ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ n e t ] n e t l i n k : f i x l o c k d e p s p l a t s ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ n e t ] n e t l i n k : C o n v e r t n e t l i n k _ l o o k u p ( ) t o u s e R C U p r o t e c t e d h a s h t a b l e ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ n e t ] n e t l i n k : m a k e c o m p a r e e x i s t a l l t h e t i m e ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ n e t ] n e t l i n k : A d d c o m p a r e f u n c t i o n f o r n e t l i n k _ t a b l e ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ l i b ] r h a s h t a b l e : f i x a n n o t a t i o n s f o r r h t _ f o r _ e a c h _ e n t r y _ r c u ( ) ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ l i b ] r h a s h t a b l e : u n e x p o r t a n d m a k e r h t _ o b j ( ) s t a t i c ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ l i b ] r h a s h t a b l e : R C U a n n o t a t i o n s f o r n e x t p o i n t e r s ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ l i b ] r h a s h t a b l e : R e s i z a b l e , S c a l a b l e , C o n c u r r e n t H a s h T a b l e ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ m m ] a d d k v f r e e ( ) ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ n e t ] n e t l i n k : F i x h a n d l i n g o f e r r o r f r o m n e t l i n k _ d u m p ( ) ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ n e t ] n e t l i n k : a u t o s i z e s k b l e n g t h e s ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > - [ n e t ] n e t l i n k : E l i m i n a t e k m a l l o c i n n e t l i n k d u m p o p e r a t i o n ( J i r i B e n c ) [ 1 1 4 0 6 6 1 ] b r > b r > [ 3 . 1 0 . 0 - 2 1 0 ] b r > - [ m i s c ] k a b i : r e v e r t t w o k a b i a d d i t i o n s t h a t n e e d u p d a t e d p p c 6 4 s u m s ( J a r o d W i l s o n ) b r > b r > [ 3 . 1 0 . 0 - 2 0 9 ] b r > - [ f s ] x f s : w r i t e f a i l u r e b e y o n d E O F t r u n c a t e s t o o m u c h d a t a ( B r i a n F o s t e r ) [ 1 0 3 2 9 6 8 ] b r > - [ f s ] x f s : x f s _ v m _ w r i t e _ e n d t r u n c a t e s t o o m u c h o n f a i l u r e ( B r i a n F o s t e r ) [ 1 0 3 2 9 6 8 ] b r > - [ f s ] x f s : u s e - > i n v a l i d a t e p a g e ( ) l e n g t h a r g u m e n t ( B r i a n F o s t e r ) [ 1 0 3 2 9 6 8 ] b r > - [ f s ] x f s : c h a n g e i n v a l i d a t e p a g e p r o t o t y p e t o a c c e p t l e n g t h ( B r i a n F o s t e r ) [ 1 0 3 2 9 6 8 ] b r > - [ f s ] x f s : r e s t o r e b u f f e r _ h e a d u n w r i t t e n b i t o n i o e n d c a n c e l ( B r i a n F o s t e r ) [ 1 1 6 2 9 5 3 ] b r > - [ f s ] x f s : a l l o w i n o d e a l l o c a t i o n s i n p o s t - g r o w f s d i s k s p a c e ( E r i c S a n d e e n ) [ 1 1 1 5 2 0 1 ] b r > - [ s c s i ] p m 8 0 0 1 : U p d a t e n v m d r e s p o n s e d a t a t o r e q u e s t b u f f e r ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : f i x p m 8 0 0 1 _ s t o r e _ u p d a t e _ f w ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : F i x e r r a t i c c a l c u l a t i o n i n u p d a t e _ f l a s h ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : F i x i n v a l i d r e t u r n w h e n r e q u e s t _ i r q ( ) f a i l e d ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : f i x a m e m o r y l e a k i n n v m d _ r e s p ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : f i x u p d a t e _ f l a s h ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : f i x a m e m o r y l e a k i n f l a s h _ u p d a t e ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : C l e a n i n g u p u n i n i t i a l i z e d v a r i a b l e s ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : F i x t o r e m o v e n u l l p o i n t e r c h e c k s t h a t c o u l d n e v e r h a p p e n ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : m o r e f i x e s t o h o n o r r e t u r n v a l u e ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : a d d a n e w s p i n l o c k t o p r o t e c t t h e C C B ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : h o n o r r e t u r n v a l u e ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : c l e a n b i t m a p m a n a g e m e n t f u n c t i o n s ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : F i x h i b e r n a t i o n i s s u e ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 0 1 : F i x p o t e n t i a l n u l l p o i n t e r d e r e f e r e n c e a n d m e m o r y l e a k ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 x x : F i x m i s s i n g N U L L p o i n t e r c h e c k s a n d m e m o r y l e a k s ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] d r i v e r s / s c s i / p m 8 0 0 1 / p m 8 0 0 1 _ c t l . c : a v o i d w o r l d - w r i t a b l e s y s f s f i l e s ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 x x : f i x p r o b l e m o f p m 8 0 0 1 _ w o r k _ f n r e s e t i n g i n c o r r e c t p h y d e v i c e ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 x x : F i x m i s s i n g N U L L p o i n t e r c h e c k s a n d m e m o r y l e a k s ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 x x : E n a b l e B A R s h i f t t o a v o i d B I O S c o n f l i c t w i t h M P I s p a c e f o r A T T O p m 8 0 0 1 b a s e d H B A s ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 x x : R e a d s a v e d W W N f r o m N V M D f o r A T T O p m 8 0 0 1 b a s e d H B A s ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ s c s i ] p m 8 0 x x : F i x e d r e t u r n v a l u e i s s u e ( R i c h B o n o ) [ 1 1 1 0 9 4 3 ] b r > - [ m d ] d m - t h i n : f i x p o o l _ i o _ h i n t s t o a v o i d l o o k i n g a t m a x _ h w _ s e c t o r s ( M i k e S n i t z e r ) [ 1 1 5 6 1 6 4 ] b r > - [ k e r n e l ] a u d i t : k e e p i n o d e p i n n e d ( P a u l M o o r e ) [ 1 1 6 2 2 6 1 ] b r > - [ b l o c k ] n v m e : c l e a n u p n v m e _ s p l i t _ f l u s h _ d a t a ( ) ( D a v i d M i l b u r n ) [ 1 1 6 1 7 6 6 ] b r > - [ s c s i ] i b m v f c : f i x l i t t l e e n d i a n i s s u e s ( S t e v e B e s t ) [ 1 1 5 9 7 8 1 ] b r > - [ s c s i ] i b m v f c : F i x f o r o f f l i n i n g d e v i c e s d u r i n g e r r o r r e c o v e r y ( S t e v e B e s t ) [ 1 1 5 9 7 8 1 ] b r > b r > [ 3 . 1 0 . 0 - 2 0 8 ] b r > - [ s c s i ] c x g b 4 i : s e n d a b o r t _ r p l c o r r e c t l y ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ D o c u m e n t a t i o n ] c x g b i : a d d m a i n t a i n e r f o r c x g b 3 i / c x g b 4 i ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 v f : F L S t a r v a t i o n T h r e s h o l d n e e d s t o b e l a r g e r t h a n t h e S G E s E g r e s s C o n g e s t i o n T h r e s h o l d ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 : F o r T 5 u s e P a c k i n g a n d P a d d i n g B o u n d a r i e s f o r S G E D M A t r a n s f e r s ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 v f : M o v e f l _ s t a r v _ t h r e s i n t o a d a p t e r - > s g e d a t a s t r u c t u r e ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 v f : R e p l a c e r e p e t i t i v e p c i d e v i c e I D s w i t h r i g h t o n e s ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ i n f i n b a n d ] c x g b 4 : M a k e c 4 i w _ w r _ l o g _ s i z e _ o r d e r s t a t i c ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ i n f i n b a n d ] c x g b 4 : A d d m i s s i n g n e i g h _ r e l e a s e i n f i n d _ r o u t e ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ i n f i n b a n d ] c x g b 4 : F i x n t u p l e c a l c u l a t i o n f o r i p v 6 a n d r e m o v e d u p l i c a t e l i n e ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 : F i x F W f l a s h l o g i c u s i n g e t h t o o l ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ i n f i n i b a n d ] c x g b 4 : T a k e I P v 6 i n t o a c c o u n t f o r b e s t _ m t u a n d s e t _ e m s s ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 : W a i t f o r d e v i c e t o g e t r e a d y b e f o r e r e a d i n g a n y r e g i s t e r ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 v f : A d d 4 0 G s u p p o r t f o r c x g b 4 v f d r i v e r ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 : U p d a t e d t h e L S O t r a n s f e r l e n g t h i n C P L _ T X _ P K T _ L S O f o r T 5 ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 : A d d s u p p o r t f o r a d a p t i v e r x ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 : C h a n g e d e f a u l t I n t e r r u p t H o l d o f f P a c k e t C o u n t T h r e s h o l d ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 : A d d D e v i c d e I D f o r t w o m o r e a d a p t e r ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 v f : R e m o v e s u p e r f l u o u s ' i d x ' p a r a m e t e r o f C H _ D E V I C E ( ) m a c r o ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ e t h e r n e t ] c x g b 4 : U s e B A R 2 G o i n g T o S l e e p ( G T S ) f o r T 5 a n d l a t e r ( S a i V e m u r i ) [ 1 1 6 3 4 6 7 ] b r > - [ s c s i ] c x g b i : s u p p o r t i p v 6 a d d r e s s h o s t _ p a r a m ( S a i V e m u r i ) [ 1 1 5 3 8 3 4 ] b r > - [ s c s i ] c x g b 4 i : F i x - W m a y b e - u n i n i t i a l i z e d w a r n i n g ( S a i V e m u r i ) [ 1 1 5 3 8 3 4 ] b r > - [ s c s i ] c x g b 4 i : R e m o v e d u p l i c a t e c a l l t o d s t _ n e i g h _ l o o k u p ( ) ( S a i V e m u r i ) [ 1 1 5 3 8 3 4 ] b r > - [ s c s i ] c x g b 4 i : F i x - W u n u s e d - f u n c t i o n w a r n i n g ( S a i V e m u r i ) [ 1 1 5 3 8 3 4 ] b r > - [ e t h e r n e t ] c x g b 4 : F i x b u i l d f a i l u r e i n c x g b 4 w h e n i p v 6 i s d i s a b l e d / n o t i n - b u i l t ( S a i V e m u r i ) [ 1 1 5 3 8 3 4 ] b r > - [ s c s i ] c x g b 4 i : R e m o v e d u p l i c a t e d C L I P h a n d l i n g c o d e ( S a i V e m u r i ) [ 1 1 5 3 8 3 4 ] b r > - [ e t h e r n e t ] b e 2 n e t : f i x a l i g n m e n t o n l i n e w r a p ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : r e m o v e m u l t i p l e a s s i g n m e n t s o n a s i n g l e l i n e ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : r e m o v e s p a c e a f t e r t y p e c a s t s ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : r e m o v e u n n e c e s s a r y b l a n k l i n e s a f t e r a n o p e n b r a c e ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : i n s e r t a b l a n k l i n e a f t e r f u n c t i o n / s t r u c t / / e n u m d e f i n i t i o n s ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : r e m o v e m u l t i p l e b l a n k l i n e s ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : a d d b l a n k l i n e a f t e r d e c l a r a t i o n s ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : r e m o v e r e t u r n s t a t e m e n t s f o r v o i d f u n c t i o n s ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : a d d s p e e d r e p o r t i n g f o r 2 0 G - K R i n t e r f a c e ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : a d d s p e e d r e p o r t i n g f o r 4 0 G / K R i n t e r f a c e ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : f i x s p a r s e w a r n i n g s i n b e _ c m d _ r e q _ p o r t _ t y p e { } ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : f i x a s p a r s e w a r n i n g i n b e _ c m d _ m o d i f y _ e q d ( ) ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : e n a b l e P C I e e r r o r r e p o r t i n g o n V F s t o o ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : s e n d a m a x o f 8 E Q s t o b e _ c m d _ m o d i f y _ e q d ( ) o n L a n c e r ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : f i x p o r t - t y p e r e p o r t i n g i n g e t _ s e t t i n g s ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : a d d e t h t o o l ' - m ' o p t i o n s u p p o r t ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : f i x R X f r a g m e n t p o s t i n g f o r j u m b o f r a m e s ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : r e p l a c e s t r c p y w i t h s t r l c p y ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b e 2 n e t : f i x s o m e l o g m e s s a g e s ( I v a n V e c e r a ) [ 1 1 6 5 7 5 5 ] b r > - [ e t h e r n e t ] b n a : f i x s k b - > t r u e s i z e u n d e r e s t i m a t i o n ( I v a n V e c e r a ) [ 1 1 6 5 7 5 9 ] b r > - [ e t h e r n e t ] b n a : a l l o w t r a n s m i t t a g g e d f r a m e s ( I v a n V e c e r a ) [ 1 1 6 5 7 5 9 ] b r > - [ e t h e r n e t ] b n a : u s e c o n t a i n e r _ o f t o r e s o l v e b u f d e s c _ e x f r o m b u f d e s c ( I v a n V e c e r a ) [ 1 1 6 5 7 5 9 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : a d d s u p p o r t f o r R T L 8 1 6 8 E P ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : a d d s u p p o r t f o r B y t e Q u e u e L i m i t s ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : c a l l ' r t l 8 1 6 8 _ d r i v e r _ s t a r t ' ' r t l 8 1 6 8 _ d r i v e r _ s t o p ' o n l y w h e n h a r d w a r e d a s h f u n c t i o n i s e n a b l e d ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : m o d i f y t h e b e h a v i o r o f f u n c t i o n ' r t l 8 1 6 8 _ o o b _ n o t i f y ' ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : c h a n g e t h e n a m e o f f u n c t i o n ' r 8 1 6 8 d p _ c h e c k _ d a s h ' t o ' r 8 1 6 8 _ c h e c k _ d a s h ' ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : c h a n g e t h e n a m e o f f u n c t i o n ' r t l _ w 1 w 0 _ e r i ' ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : f o r f u n c t i o n ' r t l _ w 1 w 0 _ p h y ' c h a n g e i t s n a m e a n d b e h a v i o r ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : a d d m o r e c h i p s t o s u p p o r t m a g i c p a c k e t v 2 ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : a d d s u p p o r t m o r e c h i p s t o g e t m a c a d d r e s s f r o m b a c k u p m a c a d d r e s s r e g i s t e r ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : a d d d i s a b l e / e n a b l e R T L 8 4 1 1 B p l l f u n c t i o n ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : a d d d i s a b l e / e n a b l e R T L 8 1 6 8 G p l l f u n c t i o n ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : c h a n g e u p p e r c a s e n u m b e r t o l o w e r c a s e n u m b e r ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : f i x a n i f c o n d i t i o n ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : a d j u s t _ _ r t l 8 1 6 9 _ s e t _ f e a t u r e s ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : f i x s e t t i n g r x v l a n ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > - [ e t h e r n e t ] r 8 1 6 9 : f i x t h e d e f a u l t s e t t i n g o f r x v l a n ( I v a n V e c e r a ) [ 1 1 6 5 7 6 4 ] b r > b r > [ 3 . 1 0 . 0 - 2 0 7 ] b r > - [ p o w e r p c ] u s e d e v i c e _ o n l i n e / o f f l i n e ( ) i n s t e a d o f c p u _ u p / d o w n ( ) ( G u s t a v o D u a r t e ) [ 1 1 5 7 7 3 7 ] b r > - [ e t h e r n e t ] i 4 0 e : d i s a b l e F C o E ( S t e f a n A s s m a n n ) [ 1 1 6 5 1 7 5 ] b r > - [ c p u f r e q ] i n t e l _ p s t a t e : A d d C P U I D f o r B D W - H C P U ( S t e v e B e s t ) [ 1 1 6 4 3 7 9 ] b r > - [ m m ] d o n o t o v e r w r i t e r e s e r v e d p a g e s c o u n t e r a t s h o w _ m e m ( ) ( R a f a e l A q u i n i ) [ 1 1 2 5 4 3 3 ] b r > - [ a l s a ] R e v e r t : K c o n f i g : r e n a m e H A S _ I O P O R T t o H A S _ I O P O R T _ M A P ( J a r o d W i l s o n ) [ 1 1 1 2 2 0 0 ] b r > - [ e t h e r n e t ] e n i c : D o n o t c a l l n a p i _ d i s a b l e w h e n p r e e m p t i o n i s d i s a b l e d ( S t e f a n A s s m a n n ) [ 1 1 4 5 0 1 9 ] b r > - [ e t h e r n e t ] e n i c : f i x p o s s i b l e d e a d l o c k i n e n i c _ s t o p / e n i c _ r f s _ f l w _ t b l _ f r e e ( S t e f a n A s s m a n n ) [ 1 1 4 5 0 1 9 ] b r > - [ x 8 6 ] u v _ b a u : A v o i d N U L L p o i n t e r r e f e r e n c e i n p t c _ s e q _ s h o w ( F r a n k R a m s a y ) [ 1 1 6 1 1 8 3 ] b r > - [ x 8 6 ] u v _ b a u : I n c r e a s e m a x i m u m C P U s p e r s o c k e t / h u b ( F r a n k R a m s a y ) [ 1 1 6 1 1 8 3 ] b r > - [ m m ] v m s c a n : d o n o t t h r o t t l e b a s e d o n p f m e m a l l o c r e s e r v e s i f n o d e h a s n o Z O N E _ N O R M A L ( G u s t a v o D u a r t e ) [ 1 1 4 8 9 2 5 ] b r > - [ c h a r ] h w r n g / p s e r i e s : p o r t t o n e w r e a d A P I a n d f i x s t a c k c o r r u p t i o n ( G u s t a v o D u a r t e ) [ 1 1 6 3 6 5 9 ] b r > - [ m d ] R e v e r t : d m - c a c h e : a d d c a l l t o m a r k _ t e c h _ p r e v i e w ( M i k e S n i t z e r ) [ 1 1 5 9 0 0 1 ] b r > - [ m d ] d m - c a c h e : e m i t a w a r n i n g m e s s a g e i f t h e r e a r e a l o t o f c a c h e b l o c k s ( M i k e S n i t z e r ) [ 1 1 5 9 0 0 1 ] b r > - [ m d ] d m - c a c h e : i m p r o v e d i s c a r d s u p p o r t ( M i k e S n i t z e r ) [ 1 1 5 9 0 0 1 ] b r > - [ m d ] d m - c a c h e : r e v e r t ' p r e v e n t c o r r u p t i o n c a u s e d b y d i s c a r d _ b l o c k _ s i z e > c a c h e _ b l o c k _ s i z e ' ( M i k e S n i t z e r ) [ 1 1 5 9 0 0 1 ] b r > - [ m d ] d m - c a c h e : r e v e r t ' r e m o v e r e m a i n d e r o f d i s t i n c t d i s c a r d b l o c k s i z e ' ( M i k e S n i t z e r ) [ 1 1 5 9 0 0 1 ] b r > - [ m d ] d m - b i o - p r i s o n : i n t r o d u c e s u p p o r t f o r l o c k i n g r a n g e s o f b l o c k s ( M i k e S n i t z e r ) [ 1 1 5 9 0 0 1 ] b r > - [ m d ] d m - b t r e e : f i x a r e c u r s i o n d e p t h b u g i n b t r e e w a l k i n g c o d e ( M i k e S n i t z e r ) [ 1 0 8 0 8 9 4 ] b r > - [ m d ] d m - c a c h e - p o l i c y - m q : s i m p l i f y a b i l i t y t o p r o m o t e s e q u e n t i a l I O t o t h e c a c h e ( M i k e S n i t z e r ) [ 1 1 5 9 0 0 1 ] b r > - [ m d ] d m - c a c h e - p o l i c y - m q : t w e a k a l g o r i t h m t h a t d e c i d e s w h e n t o p r o m o t e a b l o c k ( M i k e S n i t z e r ) [ 1 1 5 9 0 0 1 ] b r > - [ s e c u r i t y ] s e l i n u x : f i x i n o d e s e c u r i t y l i s t c o r r u p t i o n ( P a u l M o o r e ) [ 1 1 5 2 2 7 4 ] b r > b r > [ 3 . 1 0 . 0 - 2 0 6 ] b r > - [ x 8 6 ] q u i r k s : P r i n t t h e I n t e l g r a p h i c s s t o l e n m e m o r y r a n g e ( R o b C l a r k ) [ 1 1 5 4 0 5 3 ] b r > - [ x 8 6 ] q u i r k s : A d d I n t e l g r a p h i c s s t o l e n m e m o r y q u i r k f o r g e n 2 p l a t f o r m s ( R o b C l a r k ) [ 1 1 5 4 0 5 3 ] b r > - [ x 8 6 ] q u i r k s : A d d v f u n c f o r I n t e l g r a p h i c s s t o l e n m e m o r y b a s e a d d r e s s ( R o b C l a r k ) [ 1 1 5 4 0 5 3 ] b r > - [ x 8 6 ] q u i r k s : u s e g e n 6 s t o l e n d e t e c t i o n f o r V L V ( R o b C l a r k ) [ 1 1 5 4 0 5 3 ] b r > - [ x 8 6 ] q u i r k s : s u p p o r t G M S a n d G G M S c h a n g e s o n i 9 1 5 / b d w ( R o b C l a r k ) [ 1 1 5 4 0 5 3 ] b r > - [ x 8 6 ] q u i r k s : a d d e a r l y q u i r k f o r r e s e r v i n g I n t e l g r a p h i c s s t o l e n m e m o r y v 5 ( R o b C l a r k ) [ 1 1 5 4 0 5 3 ] b r > - [ n e t ] v m x n e t 3 : f i x n e t p o l l r a c e c o n d i t i o n ( N e i l H o r m a n ) [ 1 1 5 8 0 0 1 ] b r > - [ v i r t ] v i r t i o _ b a l l o o n : u p d a t e _ b a l l o o n _ s i z e ( ) - u p d a t e c o r r e c t f i e l d ( L u i z C a p i t u l i n o ) [ 1 1 6 3 5 6 7 ] b r > - [ f i r m w a r e ] m e m m a p : d o n t c r e a t e m e m m a p s y s f s o f s a m e f i r m w a r e _ m a p _ e n t r y ( T a k a h i r o M U N E D A ) [ 1 1 6 0 1 7 3 ] b r > - [ m m ] m e m o r y - h o t p l u g : c l e a r p g d a t w h i c h i s a l l o c a t e d b y b o o t m e m i n t r y _ o f f l i n e _ n o d e ( ) ( L a r r y W o o d m a n ) [ 1 1 5 6 3 9 3 ] b r > - [ k e r n e l ] a d d p a n i c _ o n _ w a r n ( P r a r i t B h a r g a v a ) [ 1 1 6 3 8 5 2 ] b r > - [ v i r t ] h y p e r v : F i x t h e t o t a l _ d a t a _ b u f l e n i n s e n d p a t h ( J a s o n W a n g ) [ 1 1 5 6 3 0 5 ] b r > - [ v i r t ] h y p e r v : A d d h a n d l i n g o f I P h e a d e r w i t h o p t i o n f i e l d i n n e t v s c _ s e t _ h a s h ( ) ( J a s o n W a n g ) [ 1 1 5 6 3 0 5 ] b r > - [ v i r t ] h y p e r v : F i x a b u g i n n e t v s c _ s t a r t _ x m i t ( ) ( J a s o n W a n g ) [ 1 1 5 6 3 0 5 ] b r > - [ v i r t ] h y p e r v : F i x a b u g i n n e t v s c _ s e n d ( ) ( J a s o n W a n g ) [ 1 1 5 6 3 0 5 ] b r > - [ p o w e r p c ] k e x e c : a d j u s t c r a s h k e r n e l r e s e r v a t i o n f o r 2 G B - 4 G B s y s t e m s ( G u s t a v o D u a r t e ) [ 1 0 7 4 9 2 4 ] b r > - [ v i r t ] k v m / i o a p i c : c o n d i t i o n a l l y d e l a y i r q d e l i v e r y d u r i n g e o i b r o a d c a s t ( J o h n S n o w ) [ 9 2 1 5 2 6 ] b r > - [ f s ] f i l e _ t a b l e : g e t r i d o f s _ f i l e s a n d f i l e s _ l o c k ( G u s t a v o D u a r t e ) [ 1 1 1 2 8 0 5 ] b r > - [ f s ] s u p e r : u n i n l i n e d e s t r o y _ s u p e r ( ) , c o n s o l i d a t e a l l o c _ s u p e r ( ) ( G u s t a v o D u a r t e ) [ 1 1 1 2 8 0 5 ] b r > - [ e t h e r n e t ] m l x 4 : A d v e r t i z e e n c a p s u l a t i o n o f f l o a d s f e a t u r e s o n l y w h e n V X L A N t u n n e l i s s e t ( F l o r i a n W e s t p h a l ) [ 1 0 9 7 4 7 8 ] b r > - [ e t h e r n e t ] m l x 4 : A v o i d l e a k i n g s t e e r i n g r u l e s o n f l o w c r e a t i o n e r r o r f l o w ( F l o r i a n W e s t p h a l ) [ 1 0 9 7 4 7 8 ] b r > - [ e t h e r n e t ] m l x 4 : D o n t a t t e m p t t o T X o f f l o a d t h e o u t e r U D P c h e c k s u m f o r V X L A N ( F l o r i a n W e s t p h a l ) [ 1 0 9 7 4 7 8 ] b r > - [ s c s i ] b n x 2 f c : f i x t g t s p i n l o c k l o c k i n g ( M a u r i z i o L o m b a r d i ) [ 1 1 6 5 1 6 9 ] b r > - [ s c s i ] T U R p a t h i s d o w n a f t e r a d a p t e r g e t s r e s e t w i t h m u l t i p a t h ( E w a n M i l n e ) [ 1 1 5 3 7 3 8 ] b r > - [ s c s i ] c a l l d e v i c e h a n d l e r f o r f a i l e d T U R c o m m a n d ( E w a n M i l n e ) [ 1 1 5 3 7 3 8 ] b r > b r > [ 3 . 1 0 . 0 - 2 0 5 ] b r > - [ m m ] s h m e m : f i x s p l i c i n g f r o m a h o l e w h i l e i t s p u n c h e d ( D e n y s V l a s e n k o ) [ 1 1 1 8 2 4 5 ] { C V E - 2 0 1 4 - 4 1 7 1 } b r > - [ m m ] s h m e m : f i x f a u l t i n g i n t o a h o l e , n o t t a k i n g i _ m u t e x ( D e n y s V l a s e n k o ) [ 1 1 1 8 2 4 5 ] { C V E - 2 0 1 4 - 4 1 7 1 } b r > - [ m m ] s h m e m : f i x f a u l t i n g i n t o a h o l e w h i l e i t s p u n c h e d ( D e n y s V l a s e n k o ) [ 1 1 1 8 2 4 5 ] { C V E - 2 0 1 4 - 4 1 7 1 } b r > - [ v i r t ] k v m : d e t e c t L V T T c h a n g e s u n d e r A P I C v ( R a d i m K r c m a r ) [ 1 1 5 1 1 7 4 ] b r > - [ v i r t ] k v m : d e t e c t S P I V c h a n g e s u n d e r A P I C v ( R a d i m K r c m a r ) [ 1 1 5 1 1 7 4 ] b r > - [ v i r t ] k v m : r e c a l c u l a t e _ a p i c _ m a p a f t e r e n a b l i n g a p i c ( R a d i m K r c m a r ) [ 1 1 5 1 1 7 4 ] b r > - [ v i r t ] k v m : t r a c e k v m _ p l e _ w i n d o w g r o w / s h r i n k ( R a d i m K r c m a r ) [ 1 1 6 3 2 9 6 ] b r > - [ v i r t ] k v m / v m x : d y n a m i s e P L E w i n d o w ( R a d i m K r c m a r ) [ 1 1 6 3 2 9 6 ] b r > - [ v i r t ] k v m / v m x : m a k e P L E w i n d o w p e r - V C P U ( R a d i m K r c m a r ) [ 1 1 6 3 2 9 6 ] b r > - [ v i r t ] k v m : i n t r o d u c e s c h e d _ i n t o k v m _ x 8 6 _ o p s ( R a d i m K r c m a r ) [ 1 1 6 3 2 9 6 ] b r > - [ v i r t ] k v m : a d d k v m _ a r c h _ s c h e d _ i n ( R a d i m K r c m a r ) [ 1 1 6 3 2 9 6 ] b r > - [ k e r n e l ] u p r o b e s : D o n t a s s u m e t h a t a r c h _ u p r o b e - > i n s n / i x o l i s u 8 [ M A X _ U I N S N _ B Y T E S ] ( S t e v e B e s t ) [ 1 1 5 9 3 6 5 ] b r > - [ d r m ] q x l : d o n t c r e a t e t o o l a r g e p r i m a r y s u r f a c e ( D a v e A i r l i e ) [ 1 1 5 8 2 3 3 ] b r > - [ p o w e r p c ] p s e r i e s : Q u i e t e n i b m , p c i e - l i n k - s p e e d - s t a t s w a r n i n g ( S t e v e B e s t ) [ 1 1 6 2 2 8 7 ] b r > - [ m d ] d m - t h i n : f i x p o t e n t i a l f o r i n f i n i t e l o o p i n p o o l _ i o _ h i n t s ( M i k e S n i t z e r ) [ 1 1 5 6 1 6 4 ] b r > - [ v i r t ] h y p e r v / v m b u s : I n c r e a s e t h e l i m i t o n t h e n u m b e r o f p f n s w e c a n h a n d l e ( J a s o n W a n g ) [ 1 1 6 0 1 3 0 ] b r > - [ v i r t ] k v m : u p d a t e m a s t e r c l o c k v a l u e s o n T S C w r i t e s ( M a r c e l o T o s a t t i ) [ 1 1 5 8 0 3 9 ] b r > - [ v i r t ] k v m : e m u l a t e M O V N T D Q ( P a o l o B o n z i n i ) [ 1 1 1 7 5 4 2 ] b r > - [ c r y p t o ] a f _ a l g : p r o p e r l y l a b e l A F _ A L G s o c k e t ( O n d r e j K o z i n a ) [ 1 1 6 1 1 4 8 ] b r > - [ p o w e r p c ] v p h n : N U M A n o d e c o d e e x p e c t s b i g - e n d i a n ( S t e v e B e s t ) [ 1 1 5 4 6 7 3 ] b r > b r > [ 3 . 1 0 . 0 - 2 0 4 ] b r > - [ n e t ] i p 6 _ g r e : R e t u r n a n e r r o r w h e n a d d i n g a n e x i s t i n g t u n n e l ( A l e x a n d e r D u y c k ) [ 1 1 5 1 8 8 6 1 1 5 2 3 6 8 ] b r > - [ n e t ] i p 6 _ t u n n e l : R e t u r n a n e r r o r w h e n a d d i n g a n e x i s t i n g t u n n e l ( A l e x a n d e r D u y c k ) [ 1 1 5 1 8 8 6 1 1 5 2 3 6 8 ] b r > - [ n e t ] i p _ t u n n e l : D o n t a l l o w t o a d d t h e s a m e t u n n e l m u l t i p l e t i m e s ( A l e x a n d e r D u y c k ) [ 1 1 5 1 8 8 6 1 1 5 2 3 6 8 ] b r > - [ n e t ] g r e : U s e i n n e r m a c l e n g t h w h e n c o m p u t i n g t u n n e l l e n g t h ( A l e x a n d e r D u y c k ) [ 1 1 5 1 8 8 6 1 1 5 2 3 6 8 ] b r > - [ n e t ] g r e : e n a b l e o f f l o a d s f o r G R E ( A l e x a n d e r D u y c k ) [ 1 1 5 1 8 8 6 1 1 5 2 3 6 8 ] b r > - [ n e t ] i p v 4 : f i x a p o t e n t i a l u s e a f t e r f r e e i n g r e _ o f f l o a d . c ( A l e x a n d e r D u y c k ) [ 1 1 5 1 8 8 6 1 1 5 2 3 6 8 ] b r > - [ n e t ] i p v 4 : f i x a p o t e n t i a l u s e a f t e r f r e e i n i p _ t u n n e l _ c o r e . c ( A l e x a n d e r D u y c k ) [ 1 1 5 1 8 8 6 1 1 5 2 3 6 8 ] b r > - [ n e t ] g r o : f i x a g g r e g a t i o n f o r s k b u s i n g f r a g _ l i s t ( A l e x a n d e r D u y c k ) [ 1 1 5 4 2 3 9 ] b r > - [ n e t ] g r o : m a k e s u r e s k b - > c b [ ] i n i t i a l c o n t e n t h a s n o t t o b e z e r o ( A l e x a n d e r D u y c k ) [ 1 1 5 4 2 3 9 ] b r > - [ n e t ] b r i d g e : n o t i f y u s e r s p a c e a f t e r f d b u p d a t e ( A l e x a n d e r D u y c k ) [ 1 1 0 9 6 0 5 ] b r > - [ n e t ] b r i d g e : F i x t h e w a y t o f i n d o l d l o c a l f d b e n t r i e s i n b r _ f d b _ c h a n g e a d d r ( A l e x a n d e r D u y c k ) [ 1 1 0 9 6 0 5 ] b r > - [ n e t ] h a n d l e e n c a p s u l a t i o n o f f l o a d s w h e n c o m p u t i n g s e g m e n t l e n g t h s ( J i r i B e n c ) [ 1 1 4 4 5 7 1 ] b r > - [ n e t ] g s o : m a k e s k b _ g s o _ s e g m e n t e r r o r h a n d l i n g m o r e r o b u s t ( J i r i B e n c ) [ 1 1 4 4 5 7 1 ] b r > - [ n e t ] g s o : u s e f e a t u r e f l a g a r g u m e n t i n a l l p r o t o c o l g s o h a n d l e r s ( J i r i B e n c ) [ 1 1 4 4 5 7 1 ] b r > - [ n e t ] u d p _ o f f l o a d : U s e I S _ E R R _ O R _ N U L L ( J i r i B e n c ) [ 1 1 4 4 5 7 1 ] b r > - [ n e t ] i p v 4 : U s e I S _ E R R _ O R _ N U L L ( J i r i B e n c ) [ 1 1 4 4 5 7 1 ] b r > b r > [ 3 . 1 0 . 0 - 2 0 3 ] b r > - [ f s ] G F S 2 : I f w e u s e u p o u r b l o c k r e s e r v a t i o n , r e q u e s t m o r e n e x t t i m e ( R o b e r t S P e t e r s o n ) [ 1 1 4 2 2 3 8 ] b r > - [ f s ] G F S 2 : O n l y i n c r e a s e r s _ s i z e h i n t ( R o b e r t S P e t e r s o n ) [ 1 1 4 2 2 3 8 ] b r > - [ f s ] G F S 2 : S e t o f d i s t r i b u t e d p r e f e r e n c e s f o r r g r p s ( R o b e r t S P e t e r s o n ) [ 1 1 4 2 2 3 8 ] b r > - [ f s ] a u t o f s : f i x s y m l i n k s a r e n t c h e c k e d f o r e x p i r y ( I a n K e n t ) [ 1 1 1 6 1 8 2 ] b r > - [ f s ] G F S 2 : f i x r e g r e s s i o n i n d i r _ d o u b l e _ e x h a s h ( R o b e r t S P e t e r s o n ) [ 1 1 6 0 2 2 9 ] b r > - [ f s ] g f s 2 _ a t o m i c _ o p e n ( ) : s k i p l o o k u p s o n h a s h e d d e n t r y ( R o b e r t S P e t e r s o n ) [ 1 1 5 8 1 5 0 ] b r > - [ f s ] s p l i c e : p e r f o r m g e n e r i c w r i t e c h e c k s ( E r i c S a n d e e n ) [ 1 1 5 5 9 0 7 ] b r > - [ f s ] f s : s e q _ f i l e : f a l l b a c k t o v m a l l o c a l l o c a t i o n ( I a n K e n t ) [ 1 0 9 5 6 2 3 ] b r > - [ f s ] f s : / p r o c / s t a t : c o n v e r t t o s i n g l e _ o p e n _ s i z e ( ) ( I a n K e n t ) [ 1 0 9 5 6 2 3 ] b r > - [ f s ] f s : s e q _ f i l e : a l w a y s c l e a r m - > c o u n t w h e n w e f r e e m - > b u f ( I a n K e n t ) [ 1 0 9 5 6 2 3 ] b r > b r > [ 3 . 1 0 . 0 - 2 0 2 ] b r > - [ e t h e r n e t ] m l x 4 : U s e P T Y S r e g i s t e r t o s e t e t h t o o l s e t t i n g s ( S p e e d ) ( A m i r V a d a i ) [ 1 0 6 0 2 2 1 ] b r > - [ e t h e r n e t ] m l x 4 : U s e P T Y S r e g i s t e r t o q u e r y e t h t o o l s e t t i n g s ( A m i r V a d a i ) [ 1 0 6 0 2 2 1 ] b r > - [ e t h e r n e t ] m l x 4 : u s e S P E E D _ U N K N O W N a n d D U P L E X _ U N K N O W N w h e n a p p r o p r i a t e ( A m i r V a d a i ) [ 1 0 6 0 2 2 1 ] b r > - [ e t h e r n e t ] m l x 4 : A d d 1 0 0 M , 2 0 G , 5 6 G s p e e d s e t h t o o l r e p o r t i n g s u p p o r t ( A m i r V a d a i ) [ 1 0 6 0 2 2 1 ] b r > - [ e t h e r n e t ] m l x 4 : A d d e t h e r n e t b a c k p l a n e a u t o n e g d e v i c e c a p a b i l i t y ( A m i r V a d a i ) [ 1 0 6 0 2 2 1 ] b r > - [ e t h e r n e t ] m l x 4 : I n t r o d u c e A C C E S S _ R E G C M D a n d e t h _ p r o t _ c t r l d e v c a p ( A m i r V a d a i ) [ 1 0 6 0 2 2 1 ] b r > - [ e t h e r n e t ] m l x 4 : C a b l e i n f o , g e t _ m o d u l e _ i n f o / e e p r o m e t h t o o l s u p p o r t ( A m i r V a d a i ) [ 1 0 6 0 2 2 1 ] b r > - [ e t h e r n e t ] m l x 4 : I n t r o d u c e m l x 4 _ g e t _ m o d u l e _ i n f o f o r c a b l e m o d u l e i n f o r e a d i n g ( A m i r V a d a i ) [ 1 0 6 0 2 2 1 ] b r > - [ e t h e r n e t ] m l x 4 : E n a b l e C Q E / E Q E s t r i d e s u p p o r t ( A m i r V a d a i ) [ 1 0 6 0 2 2 1 ] b r > - [ v i r t ] k v m / v m x : d e f e r l o a d o f A P I C a c c e s s p a g e a d d r e s s d u r i n g r e s e t ( P a o l o B o n z i n i ) [ 1 1 4 0 9 7 4 ] b r > - [ v i r t ] k v m : d o n o t h a n d l e A P I C a c c e s s p a g e i f i n - k e r n e l i r q c h i p i s n o t i n u s e ( P a o l o B o n z i n i ) [ 1 1 4 0 9 7 4 ] b r > - [ v i r t ] k v m : U n p i n a n d r e m o v e k v m _ a r c h - > a p i c _ a c c e s s _ p a g e ( P a o l o B o n z i n i ) [ 1 1 4 0 9 7 4 ] b r > - [ v i r t ] k v m / v m x : I m p l e m e n t s e t _ a p i c _ a c c e s s _ p a g e _ a d d r ( P a o l o B o n z i n i ) [ 1 1 4 0 9 7 4 ] b r > - [ v i r t ] k v m : A d d r e q u e s t b i t t o r e l o a d A P I C a c c e s s p a g e a d d r e s s ( P a o l o B o n z i n i ) [ 1 1 4 0 9 7 4 ] b r > - [ v i r t ] k v m : A d d a r c h s p e c i f i c m m u n o t i f i e r f o r p a g e i n v a l i d a t i o n ( P a o l o B o n z i n i ) [ 1 1 4 0 9 7 4 ] b r > - [ v i r t ] k v m : R e n a m e m a k e _ a l l _ c p u s _ r e q u e s t ( ) t o k v m _ m a k e _ a l l _ c p u s _ r e q u e s t ( ) a n d m a k e i t n o n - s t a t i c ( P a o l o B o n z i n i ) [ 1 1 4 0 9 7 4 ] b r > - [ v i r t ] k v m : R e m o v e e p t _ i d e n t i t y _ p a g e t a b l e f r o m s t r u c t k v m _ a r c h ( P a o l o B o n z i n i ) [ 1 1 4 0 9 7 4 ] b r > - [ v i r t ] k v m : U s e A P I C _ D E F A U L T _ P H Y S _ B A S E m a c r o a s t h e a p i c a c c e s s p a g e a d d r e s s ( P a o l o B o n z i n i ) [ 1 1 4 0 9 7 4 ] b r > - [ d r m ] v m w g f x : r e s p e c t ' n o m o d e s e t ' ( R o b C l a r k ) [ 1 1 0 1 3 8 1 ] b r > - [ s 3 9 0 ] q e t h : d o n t q u e r y f o r i n f o i f h a r d w a r e n o t r e a d y ( H e n d r i k B r u e c k n e r ) [ 1 1 4 7 5 7 3 ] b r > - [ b l o c k ] F i x d e v _ t m i n o r a l l o c a t i o n l i f e t i m e ( J e f f M o y e r ) [ 1 1 3 9 8 9 8 ] b r > - [ m d ] d m - c r y p t : f i x a c c e s s b e y o n d t h e e n d o f a l l o c a t e d s p a c e ( M i k e S n i t z e r ) [ 1 1 3 5 0 6 6 ] b r > - [ f s ] i s o f s : u n b o u n d r e c u r s i o n w h e n p r o c e s s i n g r e l o c a t e d d i r e c t o r i e s ( J a c o b T a n e n b a u m ) [ 1 1 4 2 2 7 1 ] { C V E - 2 0 1 4 - 5 4 7 1 C V E - 2 0 1 4 - 5 4 7 2 } b r > - [ e t h e r n e t ] b e 2 n e t : u s e v 1 o f S E T _ F L O W _ C O N T R O L c o m m a n d ( I v a n V e c e r a ) [ 1 0 8 7 1 2 8 ] b r > - [ a c p i ] r e t u r n 1 a f t e r s u c c e s s f u l l y i n s t a l l c m o s _ r t c s p a c e h a n d l e r ( A m o s K o n g ) [ 1 1 5 9 4 6 5 ] b r > - [ x 8 6 ] h y p e r v : B y p a s s t h e t i m e r _ i r q _ w o r k s ( ) c h e c k ( J a s o n W a n g ) [ 1 0 5 8 1 0 5 ] b r > - [ m m ] h u g e t l b : i n i t i a l i z e P G _ r e s e r v e d f o r t a i l p a g e s o f g i g a n t i c c o m p o u n d p a g e s ( L u i z C a p i t u l i n o ) [ 1 1 5 8 5 0 6 ] b r > - [ k e r n e l ] c p u s e t : P F _ S P R E A D _ P A G E a n d P F _ S P R E A D _ S L A B s h o u l d b e a t o m i c f l a g s ( A a r o n T o m l i n ) [ 1 1 6 0 3 6 0 ] b r > - [ i n f i n i b a n d ] q i b : C o r r e c t r e f e r e n c e c o u n t i n g i n d e b u g f s q p _ s t a t s ( R u i W a n g ) [ 1 1 5 0 0 0 1 ] b r > - [ x 8 6 ] u v : C h e c k f o r a l l o c _ c p u m a s k _ v a r ( ) f a i l u r e s p r o p e r l y i n u v _ n m i _ s e t u p ( ) ( G e o r g e B e s h e r s ) [ 1 1 5 5 7 5 4 ] b r > - [ p o w e r p c ] f a d u m p : F i x e n d i a n e s s i s s u e s i n f i r m w a r e a s s i s t e d d u m p h a n d l i n g ( S t e v e B e s t ) [ 1 1 5 9 7 7 3 ] b r > b r > [ 3 . 1 0 . 0 - 2 0 1 ] b r > - [ s c s i ] i p r : w a i t f o r a b o r t e d c o m m a n d r e s p o n s e s ( G u s t a v o D u a r t e ) [ 1 1 5 6 5 3 0 ] b r > - [ e t h e r n e t ] m l x 4 : P r o t e c t p o r t t y p e s e t t i n g b y m u t e x ( A m i r V a d a i ) [ 1 0 9 5 3 4 5 ] b r > - [ a c p i ] p m : O n l y s e t p o w e r s t a t e s o f d e v i c e s t h a t a r e p o w e r m a n a g e a b l e ( A m o s K o n g ) [ 1 1 4 2 6 8 3 ] b r > - [ x 8 6 ] s e t u p : M a r k I n t e l H a s w e l l U L T a s s u p p o r t e d ( P r a r i t B h a r g a v a ) [ 1 1 5 9 0 0 6 ] b r > - [ k e r n e l ] s c h e d : F i x u n r e l e a s e d l l c _ s h a r e d _ m a s k b i t d u r i n g C P U h o t p l u g ( T a k a h i r o M U N E D A ) [ 1 1 1 6 2 9 4 ] b r > - [ m m ] d o n o t w a l k a l l o f s y s t e m m e m o r y d u r i n g s h o w _ m e m ( J o h a n n e s W e i n e r ) [ 1 1 2 5 4 3 3 ] b r > - [ m m ] r e m o v e n o i s y r e m a i n d e r o f t h e s c a n _ u n e v i c t a b l e i n t e r f a c e ( J o h a n n e s W e i n e r ) [ 1 1 1 1 2 1 5 ] b r > - [ p c i ] R e n a m e s y s f s ' e n a b l e d ' f i l e b a c k t o ' e n a b l e ' ( M y r o n S t o w e ) [ 1 1 5 9 6 5 5 ] b r > - [ k e r n e l ] s c h e d / f a i r : C a r e d i v i d e e r r o r i n u p d a t e _ t a s k _ s c a n _ p e r i o d ( ) ( M o t o h i r o K o s a k i ) [ 1 1 4 0 9 7 9 ] b r > - [ p o w e r p c ] n u m a : e n s u r e p e r - c p u N U M A m a p p i n g s a r e c o r r e c t o n t o p o l o g y u p d a t e ( G u s t a v o D u a r t e ) [ 1 1 5 0 0 9 7 ] b r > - [ p o w e r p c ] n u m a : u s e c a c h e d v a l u e o f u p d a t e - > c p u i n u p d a t e _ c p u _ t o p o l o g y ( G u s t a v o D u a r t e ) [ 1 1 5 0 0 9 7 ] b r > - [ p o w e r p c ] n u m a : A d d a b i l i t y t o d i s a b l e a n d d e b u g t o p o l o g y u p d a t e s ( G u s t a v o D u a r t e ) [ 1 1 5 0 0 9 7 ] b r > - [ p o w e r p c ] n u m a : c h e c k e r r o r r e t u r n f r o m p r o c _ c r e a t e ( G u s t a v o D u a r t e ) [ 1 1 5 0 0 9 7 ] b r > - [ p o w e r p c ] s o m e c h a n g e s i n n u m a _ s e t u p _ c p u ( ) ( G u s t a v o D u a r t e ) [ 1 1 5 0 0 9 7 ] b r > - [ p o w e r p c ] O n l y s e t n u m a n o d e i n f o r m a t i o n f o r p r e s e n t c p u s a t b o o t t i m e ( G u s t a v o D u a r t e ) [ 1 1 5 0 0 9 7 ] b r > - [ p o w e r p c ] F i x w a r n i n g r e p o r t e d b y v e r i f y _ c p u _ n o d e _ m a p p i n g ( ) ( G u s t a v o D u a r t e ) [ 1 1 5 0 0 9 7 ] b r > - [ p o w e r p c ] r e o r d e r p e r - c p u N U M A i n f o r m a t i o n s i n i t i a l i z a t i o n ( G u s t a v o D u a r t e ) [ 1 1 5 0 0 9 7 ] b r > - [ p o w e r p c ] p s e r i e s : M a k e C P U h o t p l u g p a t h e n d i a n s a f e ( S t e v e B e s t ) [ 1 1 5 9 5 7 9 ] b r > - [ p o w e r p c ] p s e r i e s : F i x e n d i a n i s s u e s i n c p u h o t - r e m o v a l ( S t e v e B e s t ) [ 1 1 5 9 5 7 9 ] b r > - [ p o w e r p c ] p s e r i e s : F i x e n d i a n i s s u e s i n o n l i n i n g c p u t h r e a d s ( S t e v e B e s t ) [ 1 1 5 9 5 7 9 ] b r > - [ x 8 6 ] s m p b o o t : F i x u p t y p o i n t o p o l o g y d e t e c t i o n ( P r a r i t B h a r g a v a ) [ 1 1 5 6 6 5 5 ] b r > - [ x 8 6 ] s m p b o o t : A d d n e w t o p o l o g y f o r m u l t i - N U M A - n o d e C P U s ( P r a r i t B h a r g a v a ) [ 1 1 5 8 2 6 9 ] b r > - [ k e r n e l ] s c h e d : R e w o r k s c h e d _ d o m a i n t o p o l o g y d e f i n i t i o n ( P r a r i t B h a r g a v a ) [ 1 1 5 8 2 6 9 ] b r > - [ u s b ] h u b : t a k e h u b - > h d e v r e f e r e n c e w h e n p r o c e s s i n g f r o m e v e n t l i s t ( D o n Z i c k u s ) [ 1 1 5 1 5 0 8 ] b r > - [ u s b ] e h c i : u n l i n k Q H s e v e n a f t e r t h e c o n t r o l l e r h a s s t o p p e d ( D o n Z i c k u s ) [ 1 1 5 1 4 9 1 ] b r > - [ t o o l s ] t e s t i n g / s e l f t e s t s / p o w e r p c : C o r r e c t D S C R d u r i n g T M c o n t e x t s w i t c h ( G u s t a v o D u a r t e ) [ 1 1 3 4 5 1 1 ] b r > - [ t o o l s ] t e s t i n g / s e l f t e s t s : A d d i n f r a s t r u c t u r e f o r p o w e r p c s e l f t e s t s ( G u s t a v o D u a r t e ) [ 1 1 3 4 5 1 1 ] b r > - [ s c s i ] i b m v s c s i : A b o r t i n i t s e q u e n c e d u r i n g e r r o r r e c o v e r y ( G u s t a v o D u a r t e ) [ 1 1 0 5 4 9 6 ] b r > - [ s c s i ] i b m v s c s i : A d d m e m o r y b a r r i e r s f o r s e n d / r e c e i v e ( G u s t a v o D u a r t e ) [ 1 1 0 5 4 9 6 ] b r > - [ x 8 6 ] f p u : _ _ r e s t o r e _ x s t a t e _ s i g ( ) - > m a t h _ s t a t e _ r e s t o r e ( ) n e e d s p r e e m p t _ d i s a b l e ( ) ( O l e g N e s t e r o v ) [ 1 1 2 1 7 8 4 ] b r > - [ x 8 6 ] f p u : s h i f t d r o p _ i n i t _ f p u ( ) f r o m s a v e _ x s t a t e _ s i g ( ) t o h a n d l e _ s i g n a l ( ) ( O l e g N e s t e r o v ) [ 1 1 2 1 7 8 4 ] b r > b r > [ 3 . 1 0 . 0 - 2 0 0 ] b r > - [ f s ] e x t 4 : f i x w r o n g a s s e r t i n e x t 4 _ m b _ n o r m a l i z e _ r e q u e s t ( ) ( L u k a s C z e r n e r ) [ 1 1 4 6 0 4 6 ] b r > - [ m m ] R e m o v e f a l s e W A R N _ O N f r o m p a g e c a c h e _ i s i z e _ e x t e n d e d ( ) ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : c h e c k s _ c h k s u m _ d r i v e r w h e n l o o k i n g f o r b g c s u m p r e s e n c e ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : m o v e e r r o r r e p o r t o u t o f a t o m i c c o n t e x t i n e x t 4 _ i n i t _ b l o c k _ b i t m a p ( ) ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : R e p l a c e o p e n c o d e d m d a t a c s u m f e a t u r e t o h e l p e r f u n c t i o n ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x r e s e r v a t i o n o v e r f l o w i n e x t 4 _ d a _ w r i t e _ b e g i n ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : a d d e x t 4 _ i g e t _ n o r m a l ( ) w h i c h i s t o b e u s e d f o r d i r t r e e l o o k u p s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : d o n t o r p h a n o r t r u n c a t e t h e b o o t l o a d e r i n o d e ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : g r a b m i s s e d w r i t e _ c o u n t f o r E X T 4 _ I O C _ S W A P _ B O O T ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : g e t r i d o f c o d e d u p l i c a t i o n ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x o v e r - d e f e n s i v e c o m p l a i n t a f t e r j o u r n a l a b o r t ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x r e t u r n v a l u e o f e x t 4 _ d o _ u p d a t e _ i n o d e ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x m m a p d a t a c o r r u p t i o n w h e n b l o c k s i z e p a g e s i z e ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] v f s : f i x d a t a c o r r u p t i o n w h e n b l o c k s i z e p a g e s i z e f o r m m a p e d d a t a ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : d o n t c h e c k q u o t a f o r m a t w h e n t h e r e a r e n o q u o t a f i l e s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] j b d 2 : a v o i d p o i n t l e s s s c a n n i n g o f c h e c k p o i n t l i s t s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : e x p l i c i t l y i n f o r m u s e r a b o u t o r p h a n l i s t c l e a n u p ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] j b d 2 : j b d 2 _ l o g _ w a i t _ f o r _ s p a c e i m p r o v e e r r o r d e t e t c i o n ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] j b d 2 : f r e e b h w h e n d e s c r i p t o r b l o c k c h e c k s u m f a i l s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : c h e c k E A v a l u e o f f s e t w h e n l o a d i n g ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : d o n t k e e p u s i n g p a g e i f i n l i n e c o n v e r s i o n f a i l s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : v a l i d a t e e x t e r n a l j o u r n a l s u p e r b l o c k c h e c k s u m ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] j b d 2 : f i x j o u r n a l c h e c k s u m f e a t u r e f l a g h a n d l i n g ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : p r o v i d e s e p a r a t e o p e r a t i o n s f o r s y s f s f e a t u r e f i l e s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : a d d s y s f s e n t r y s h o w i n g w h e t h e r t h e f s c o n t a i n s e r r o r s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : r e n u m b e r E X T 4 _ E X _ * f l a g s t o a v o i d f l a g a l i a s i n g p r o b l e m s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x c o m m e n t s a b o u t g e t _ b l o c k s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x a c c i d e n t a l f l a g a l i a s i n g i n e x t 4 _ m a p _ b l o c k s f l a g s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x Z E R O _ R A N G E b u g h i d d e n b y f l a g a l i a s i n g ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : u s e e x t 4 _ u p d a t e _ i _ d i s k s i z e i n s t e a d o f o p e n c o d e d o n e s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : r e m o v e a d u p l i c a t e c a l l i n e x t 4 _ i n i t _ n e w _ d i r ( ) ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : a d d m i s s i n g B U F F E R _ T R A C E b e f o r e e x t 4 _ j o u r n a l _ g e t _ w r i t e _ a c c e s s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : c h e c k i n l i n e d i r e c t o r y b e f o r e c o n v e r t i n g ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x i n c o r r e c t l o c k i n g i n m o v e _ e x t e n t _ p e r _ p a g e ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : u s e c o r r e c t d e p t h v a l u e ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : a d d i _ d a t a _ s e m s a n i t y c h e c k ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x w r o n g s i z e c o m p u t a t i o n i n e x t 4 _ m b _ n o r m a l i z e _ r e q u e s t ( ) ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : m a k e e x t 4 _ h a s _ i n l i n e _ d a t a ( ) a s a i n l i n e f u n c t i o n ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : r e m o v e r e a d p a g e ( ) c h e c k i n e x t 4 _ m m a p _ f i l e ( ) ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : r e m o v e m e t a d a t a r e s e r v a t i o n c h e c k s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : r e a r r a n g e i n i t i a l i z a t i o n t o f i x E X T 4 F S _ D E B U G ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x p o t e n t i a l n u l l p o i n t e r d e r e f e r e n c e i n e x t 4 _ f r e e _ i n o d e ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : d e c r e m e n t f r e e c l u s t e r s / i n o d e s c o u n t e r s w h e n b l o c k g r o u p d e c l a r e d b a d ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : h a n d l e s y m l i n k p r o p e r l y w i t h i n l i n e _ d a t a ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : r e d u c e c o n t e n t i o n o n s _ o r p h a n _ l o c k ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : u s e s b i i n e x t 4 _ o r p h a n _ [ a d d | d e l ] ( ) ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : r e m o v e u n n e c e s s a r y d o u b l e p a r e n t h e s e s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : d o n o t d e s t r o y e x t 4 _ g r o u p i n f o _ c a c h e s i f e x t 4 _ m b _ i n i t ( ) f a i l s ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : m a k e l o c a l f u n c t i o n s s t a t i c ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x b l o c k b i t m a p v a l i d a t i o n w h e n b i g a l l o c , ^ f l e x _ b g ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i x b l o c k b i t m a p i n i t i a l i z a t i o n u n d e r s p a r s e _ s u p e r 2 ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : f i n d t h e g r o u p d e s c r i p t o r s o n a 1 k - b l o c k b i g a l l o c , m e t a _ b g f i l e s y s t e m ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : a v o i d u n n e e d e d l o o k u p w h e n x a t t r n a m e i s i n v a l i d ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : r e m o v e o b s o l e t e d c h e c k ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : a d d a n e w s p i n l o c k i _ r a w _ l o c k t o p r o t e c t t h e e x t 4 s r a w i n o d e ( L u k a s C z e r n e r ) [ 1 1 5 6 0 9 6 ] b r > - [ f s ] e x t 4 : r e v e r t D i s a b l e p u n c h h o l e o n n o n - e x t e n t m a p p e d f i l e s ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 8 ] b r > - [ f s ] e x t 4 : f i x t r a n s a c t i o n i s s u e s f o r e x t 4 _ f a l l o c a t e a n d e x t _ z e r o _ r a n g e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : m o v e i _ s i z e , i _ d i s k s i z e u p d a t e r o u t i n e s t o h e l p e r f u n c t i o n ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : f i x i n c o r e c t j o u r n a l c r e d i t s r e s e r v a t i o n i n e x t 4 _ z e r o _ r a n g e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : f i x C O L L A P S E R A N G E t e s t f o r b i g a l l o c f i l e s y s t e m s ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : f i x p u n c h h o l e o n f i l e s w i t h i n d i r e c t m a p p i n g ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : F i x b l o c k z e r o i n g w h e n p u n c h i n g h o l e s i n i n d i r e c t b l o c k f i l e s ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : f i x Z E R O _ R A N G E t e s t f a i l u r e i n d a t a j o u r n a l l i n g ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : u s e E X T _ M A X _ B L O C K S i n e x t 4 _ e s _ c a n _ b e _ m e r g e d ( ) ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : r e n a m e u n i n i t i a l i z e d e x t e n t s t o u n w r i t t e n ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : d i s a b l e C O L L A P S E _ R A N G E f o r b i g a l l o c ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : f i x C O L L A P S E _ R A N G E f a i l u r e w i t h 1 K B b l o c k s i z e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : u s e E I N V A L i f n o t a r e g u l a r f i l e i n e x t 4 _ c o l l a p s e _ r a n g e ( ) ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : e n f o r c e w e a r e o p e r a t i n g o n a r e g u l a r f i l e i n e x t 4 _ z e r o _ r a n g e ( ) ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : f i x e x t e n t m e r g i n g i n e x t 4 _ e x t _ s h i f t _ p a t h _ e x t e n t s ( ) ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : d i s c a r d p r e a l l o c a t i o n s a f t e r r e m o v i n g s p a c e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : n o n e e d t o t r u n c a t e p a g e c a c h e t w i c e i n c o l l a p s e r a n g e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : f i x r e m o v i n g s t a t u s e x t e n t s i n e x t 4 _ c o l l a p s e _ r a n g e ( ) ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : u s e f i l e m a p _ w r i t e _ a n d _ w a i t _ r a n g e ( ) c o r r e c t l y i n c o l l a p s e r a n g e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : u s e t r u n c a t e _ p a g e c a c h e ( ) i n c o l l a p s e r a n g e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : a l w a y s c h e c k e x t 4 _ e x t _ f i n d _ e x t e n t r e s u l t ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : C O L L A P S E _ R A N G E o n l y w o r k s o n e x t e n t - b a s e d f i l e s ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : f i x b y t e o r d e r p r o b l e m s i n t r o d u c e d b y t h e C O L L A P S E _ R A N G E p a t c h e s ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : d i s a l l o w a l l f a l l o c a t e o p e r a t i o n o n a c t i v e s w a p f i l e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : m o v e f a l l o c c o l l a p s e r a n g e c h e c k i n t o t h e f i l e s y s t e m m e t h o d s ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : f i x C O L L A P S E _ R A N G E t e s t f a i l u r e i n d a t a j o u r n a l l i n g m o d e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : r e m o v e u n n e e d e d t e s t o f r e t v a r i a b l e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : I n t r o d u c e F A L L O C _ F L _ Z E R O _ R A N G E f l a g f o r f a l l o c a t e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : I n t r o d u c e F A L L O C _ F L _ Z E R O _ R A N G E f l a g f o r f a l l o c a t e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : r e f a c t o r e x t 4 _ f a l l o c a t e c o d e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : U p d a t e i n o d e i _ s i z e a f t e r t h e p r e a l l o c a t i o n ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : A d d n e w f l a g ( F A L L O C _ F L _ C O L L A P S E _ R A N G E ) f o r f a l l o c a t e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > - [ f s ] e x t 4 : A d d s u p p o r t F A L L O C _ F L _ C O L L A P S E _ R A N G E f o r f a l l o c a t e ( L u k a s C z e r n e r ) [ 1 1 5 0 1 7 1 ] b r > / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 3 6 9 0 . h t m l \" > C V E - 2 0 1 4 - 3 6 9 0 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 3 9 4 0 . h t m l \" > C V E - 2 0 1 4 - 3 9 4 0 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 7 8 2 5 . h t m l \" > C V E - 2 0 1 4 - 7 8 2 5 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 7 8 2 6 . h t m l \" > C V E - 2 0 1 4 - 7 8 2 6 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 8 0 8 6 . h t m l \" > C V E - 2 0 1 4 - 8 0 8 6 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 8 1 6 0 . h t m l \" > C V E - 2 0 1 4 - 8 1 6 0 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 8 1 7 2 . h t m l \" > C V E - 2 0 1 4 - 8 1 7 2 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 8 1 7 3 . h t m l \" > C V E - 2 0 1 4 - 8 1 7 3 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 8 7 0 9 . h t m l \" > C V E - 2 0 1 4 - 8 7 0 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 8 8 8 4 . h t m l \" > C V E - 2 0 1 4 - 8 8 8 4 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 5 - 0 2 7 4 . h t m l \" > C V E - 2 0 1 5 - 0 2 7 4 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 7 ( x 8 6 _ 6 4 ) / t d > t d > k e r n e l - 3 . 1 0 . 0 - 2 2 9 . e l 7 . s r c . r p m / t d > t d > 5 c a f 4 4 b 0 6 9 e 2 1 d 4 3 5 e 0 c a 8 5 0 8 0 8 5 a 5 1 4 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 1 8 b e f 4 d 5 5 7 c 5 5 9 d e 3 1 4 1 c 6 a 8 8 e a f c d 3 0 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - a b i - w h i t e l i s t s - 3 . 1 0 . 0 - 2 2 9 . e l 7 . n o a r c h . r p m / t d > t d > 3 c 8 3 5 f 4 8 6 5 7 1 8 f b 6 1 1 c 2 c f 3 5 c 8 a 9 f 7 2 0 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - d e b u g - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > b 7 3 f 1 4 7 1 e f 1 7 9 d c 2 6 e 8 a 8 7 b c 9 1 3 d c e f 6 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - d e b u g - d e v e l - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 8 8 7 5 9 5 1 4 d f 7 3 b f 1 9 0 a 2 a b d 6 7 a 1 3 3 7 e 4 0 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - d e v e l - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 4 5 d f 1 1 5 a d 7 3 b 0 6 1 9 3 a a 1 c e 5 e 3 c 2 9 6 f c e / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - d o c - 3 . 1 0 . 0 - 2 2 9 . e l 7 . n o a r c h . r p m / t d > t d > e e 9 4 d d 9 c c 8 d 7 7 7 8 2 1 4 2 f 0 a 8 8 a a 7 8 0 b 7 9 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - h e a d e r s - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 9 8 9 0 c 1 a f 6 4 4 f 4 3 b b 2 3 3 f 0 6 3 4 4 4 c 7 2 6 1 8 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - t o o l s - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 4 6 3 1 9 1 e 7 6 4 5 6 4 4 1 4 7 8 b 0 0 b 0 a d 5 4 7 8 6 5 e / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - t o o l s - l i b s - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > d f 1 6 a c a 1 b 7 7 e b b 6 2 a 0 5 6 a 2 d 2 a 6 3 8 4 c 9 b / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - t o o l s - l i b s - d e v e l - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 5 6 a 3 4 a 3 3 b 6 a 1 6 6 a 9 2 2 5 5 7 a 5 8 9 8 e c 4 4 d 8 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > p e r f - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 1 2 e f 5 9 b 1 3 2 2 e 6 3 0 6 4 3 9 b 7 0 1 9 0 f d 7 0 1 9 e / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > t r > t d > / t d > t d > p y t h o n - p e r f - 3 . 1 0 . 0 - 2 2 9 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 7 d e e 7 3 2 0 1 1 5 e c c e 3 2 9 7 2 1 a 1 6 7 4 d c 3 b 3 b / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 2 4 7 3 - 1 . h t m l \" > E L S A - 2 0 1 7 - 2 4 7 3 - 1 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "published": "2015-03-11T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0290.html", "cvelist": ["CVE-2014-3940", "CVE-2014-7825", "CVE-2014-8160", "CVE-2014-7841", "CVE-2015-0274", "CVE-2014-8173", "CVE-2014-9322", "CVE-2014-8709", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-8884", "CVE-2014-3690", "CVE-2014-8172", "CVE-2014-8086", "CVE-2014-5471", "CVE-2014-7826"], "lastseen": "2018-04-04T13:00:42"}, {"id": "ELSA-2015-3013", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[3.8.13-55.1.8]\n- kvm: fix excessive pages un-pinning in kvm_iommu_map error path. (Quentin Casasnovas) [Orabug: 20687313] {CVE-2014-3601} {CVE-2014-8369} {CVE-2014-3601}\n[3.8.13-55.1.7]\n- ttusb-dec: buffer overflow in ioctl (Dan Carpenter) [Orabug: 20673376] {CVE-2014-8884}\n- mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support (Kirill A. Shutemov) [Orabug: 20673281] {CVE-2014-8173}\n- netfilter: conntrack: disable generic tracking for known protocols (Florian Westphal) [Orabug: 20673239] {CVE-2014-8160}\n- tracing/syscalls: Ignore numbers outside NR_syscalls' range (Rabin Vincent) [Orabug: 20673163] {CVE-2014-7826}", "published": "2015-03-13T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-3013.html", "cvelist": ["CVE-2014-8369", "CVE-2014-7825", "CVE-2014-8160", "CVE-2014-8173", "CVE-2014-3601", "CVE-2014-8884", "CVE-2014-7826"], "lastseen": "2016-09-04T11:16:01"}, {"id": "ELSA-2015-3012", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security and bugfix update", "description": "kernel-uek\n[3.8.13-68]\n- ttusb-dec: buffer overflow in ioctl (Dan Carpenter) [Orabug: 20673373] {CVE-2014-8884}\n- mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support (Kirill A. Shutemov) [Orabug: 20673279] {CVE-2014-8173}\n- netfilter: conntrack: disable generic tracking for known protocols (Florian Westphal) [Orabug: 20673235] {CVE-2014-8160}\n[3.8.13-67]\n- sparc64: Remove deprecated __GFP_NOFAIL from mdesc_kmalloc (Eric Snowberg) [Orabug: 20055909] \n- x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618880] \n- sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618880] \n- xen-netfront: Fix handling packets on compound pages with skb_linearize (Zoltan Kiss) [Orabug: 19546077] \n- qla2xxx: Add adapter checks for FAWWN functionality. (Saurav Kashyap) [Orabug: 20474227] \n- config: enable CONFIG_MODULE_SIG_SHA512 (Guangyu Sun) [Orabug: 20611400] \n- net: rds: use correct size for max unacked packets and bytes (Sasha Levin) [Orabug: 20585918] \n- watchdog: w83697hf_wdt: return ENODEV if no device was found (Stanislav Kholmanskikh) [Orabug: 18122938] \n- NVMe: Disable pci before clearing queue (Keith Busch) [Orabug: 20564650]\n[3.8.13-66]\n- bnx2fc: upgrade to 2.8.2 (Dan Duval) [Orabug: 20523502] \n- bnx2i: upgrade to 2.11.0.0 (Dan Duval) [Orabug: 20523502] \n- bnx2x: upgrade to 1.712.10 (Dan Duval) [Orabug: 20523502] \n- cnic: upgrade to 2.721.01 (Dan Duval) [Orabug: 20523502] \n- bnx2: upgrade to 2.712.01 (Dan Duval) [Orabug: 20523502] \n- Update lpfc version for 10.6.61 (rkennedy) [Orabug: 20539686] \n- Remove consolidated merge lines from previous patch, they require a 3.19 kernel to build with. (rkennedy) [Orabug: 20539686] \n- Implement support for wire-only DIF devices (rkennedy) [Orabug: 20539686] \n- lpfc: Update copyright to 2015 (rkennedy) [Orabug: 20539686] \n- lpfc: Update Copyright on changed files (James Smart) [Orabug: 20539686] \n- lpfc: Fix for lun discovery issue with 8Gig adapter. (rkennedy) [Orabug: 20539686] \n- lpfc: Fix crash in device reset handler. (rkennedy) [Orabug: 20539686] \n- lpfc: application causes OS crash when running diagnostics (rkennedy) [Orabug: 20539686] \n- lpfc: Fix internal loopback failure (rkennedy) [Orabug: 20539686] \n- lpfc: Fix premature release of rpi bit in bitmask (rkennedy) [Orabug: 20539686] \n- lpfc: Initiator sends wrong BBCredit value for either FLOGI or FLOGI_ACC (rkennedy) [Orabug: 20539686] \n- lpfc: Fix null ndlp derefernce in target_reset_handler (rkennedy) [Orabug: 20539686] \n- lpfc: Fix FDMI Fabric support (rkennedy) [Orabug: 20539686] \n- lpfc: Fix provide host name and OS name in RSNN-NN FC-GS command (rkennedy) [Orabug: 20539686] \n- lpfc: Parse the new 20G, 25G and 40G link speeds in the lpfc driver (rkennedy) [Orabug: 20539686] \n- lpfc: lpfc does not support option_rom_version sysfs attribute on newer adapters (rkennedy) [Orabug: 20539686] \n- lpfc: Fix setting of EQ delay Multiplier (rkennedy) [Orabug: 20539686] \n- lpfc: Fix host reset escalation killing all IOs. (rkennedy) [Orabug: 20539686] \n- lpfc: Linux lpfc driver doesnt re-establish the link after a cable pull on LPe12002 (rkennedy) [Orabug: 20539686] \n- lpfc: Fix to handle PLOGI when already logged in (rkennedy) [Orabug: 20539686] \n- lpfc: EnableBootCode from hbacmd fails on Lancer (rkennedy) [Orabug: 20539686] \n- lpfc: Add Lancer Temperature Event support to the lpfc driver (rkennedy) [Orabug: 20539686] \n- lpfc: Fix the iteration count to match the 30 sec comment (rkennedy) [Orabug: 20539686] \n- lpfc: fix low priority issues from fortify source code scan (James Smart) [Orabug: 20539686] \n- lpfc: fix high priority issues from fortify source code scan (James Smart) [Orabug: 20539686] \n- lpfc: fix for handling unmapped ndlp in target reset handler (James Smart) [Orabug: 20539686] \n- lpfc: fix crash from page fault caused by use after rport delete (James Smart) [Orabug: 20539686] \n- lpfc: fix locking issues with abort data paths (James Smart) [Orabug: 20539686] \n- lpfc: fix race between LOGO/PLOGI handling causing NULL pointer (James Smart) [Orabug: 20539686] \n- lpfc: fix quarantined XRI recovery qualifier state in link bounce (James Smart) [Orabug: 20539686] \n- lpfc: fix discovery timeout during nameserver login (James Smart) [Orabug: 20539686] \n- lpfc: fix IP Reset processing - wait for RDY before proceeding (James Smart) [Orabug: 20539686] \n- lpfc: Update lpfc version to driver version 10.2.8000.0 (James Smart) [Orabug: 20539686] \n- net: Check for presence of IFLA_AF_SPEC (Thomas Graf) [Orabug: 20382857] \n- net: Validate IFLA_BRIDGE_MODE attribute length (Thomas Graf) [Orabug: 20382857] \n- be2net: fix alignment on line wrap (Kalesh AP) [Orabug: 20382857] \n- be2net: remove multiple assignments on a single line (Kalesh AP) [Orabug: 20382857] \n- be2net: remove space after typecasts (Kalesh AP) [Orabug: 20382857] \n- be2net: remove unnecessary blank lines after an open brace (Kalesh AP) [Orabug: 20382857] \n- be2net: insert a blank line after function/struct//enum definitions (Kalesh AP) [Orabug: 20382857] \n- be2net: remove multiple blank lines (Kalesh AP) [Orabug: 20382857] \n- be2net: add blank line after declarations (Kalesh AP) [Orabug: 20382857] \n- be2net: remove return statements for void functions (Kalesh AP) [Orabug: 20382857] \n- be2net: add speed reporting for 20G-KR interface (Vasundhara Volam) [Orabug: 20382857] \n- be2net: add speed reporting for 40G/KR interface (Kalesh AP) [Orabug: 20382857] \n- be2net: fix sparse warnings in be_cmd_req_port_type{} (Suresh Reddy) [Orabug: 20382857] \n- be2net: fix a sparse warning in be_cmd_modify_eqd() (Kalesh AP) [Orabug: 20382857] \n- enic: fix rx napi poll return value (Govindarajulu Varadarajan) [Orabug: 20342354] \n- net: rename vlan_tx_* helpers since 'tx' is misleading there (Jiri Pirko) [Orabug: 20342354] \n- enic: free all rq buffs when allocation fails (Govindarajulu Varadarajan) [Orabug: 20342354] \n- net: ethernet: cisco: enic: enic_dev: Remove some unused functions (Rickard Strandqvist) [Orabug: 20342354] \n- enic: add stats for dma mapping error (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: check dma_mapping_error (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: make vnic_wq_buf doubly linked (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: fix rx skb checksum (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: fix work done in tx napi_poll (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: update desc properly in rx_copybreak (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: handle error condition properly in enic_rq_indicate_buf (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: Do not call napi_disable when preemption is disabled. (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: fix possible deadlock in enic_stop/ enic_rfs_flw_tbl_free (Govindarajulu Varadarajan) [Orabug: 20342354] \n- drivers/net: Convert remaining uses of pr_warning to pr_warn (Joe Perches) [Orabug: 20342354] \n- enic: implement rx_copybreak (Govindarajulu Varadarajan) [Orabug: 20342354] \n- PCI: Remove DEFINE_PCI_DEVICE_TABLE macro use (Benoit Taine) [Orabug: 20342354] \n- enic: add pci_zalloc_consistent to kcompat.h (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: use pci_zalloc_consistent (Joe Perches) [Orabug: 20342354] \n- enic: Add ethtool support to show classifier filters added by the driver (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: remove #ifdef CONFIG_RFS_ACCEL around filter structures (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: fix return values in enic_set_coalesce (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: fix compile issue when CONFIG_NET_RX_BUSY_POLL is N (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: add kcompat file (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: Make dummy rfs functions inline to fix !CONFIG_RFS_ACCEL build (Geert Uytterhoeven) [Orabug: 20342354] \n- enic: do tx cleanup in napi poll (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: add low latency socket busy_poll support (Govindarajulu Varadarajan) [Orabug: 20342354] \n- net: vlan: add protocol argument to packet tagging functions (Patrick McHardy) [Orabug: 20342354] \n- net: vlan: prepare for 802.1ad VLAN filtering offload (Patrick McHardy) [Orabug: 20342354] \n- net: vlan: rename NETIF_F_HW_VLAN_* feature flags to NETIF_F_HW_VLAN_CTAG_* (Patrick McHardy) [Orabug: 20342354] \n- enic: fix lockdep around devcmd_lock (Tony Camuso) [Orabug: 20342354] \n- enic: Add Accelerated RFS support (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: alloc/free rx_cpu_rmap (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: devcmd for adding IP 5 tuple hardware filters (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: fix return value in _vnic_dev_cmd (Govindarajulu Varadarajan) [Orabug: 20342354] \n- net: use SPEED_UNKNOWN and DUPLEX_UNKNOWN when appropriate (Jiri Pirko) [Orabug: 20342354] \n- enic: Fix 64 bit divide on 32bit system (Govindarajulu Varadarajan) [Orabug: 20342354] \n- enic: Add support for adaptive interrupt coalescing (Sujith Sankar) [Orabug: 20342354] \n- net: get rid of SET_ETHTOOL_OPS (Wilfried Klaebe) [Orabug: 20342354] \n- enic: Use pci_enable_msix_range() instead of pci_enable_msix() (Alexander Gordeev) [Orabug: 20342354] \n- bnx2x: Not use probe_defer (Vaughan Cao) [Orabug: 20405577] \n- Revert 'nfsd4: fix leak of inode reference on delegation failure' (Dan Duval) [Orabug: 20280060] \n- ipoib/ib core: set module_unload_allowed = 0 as default (Qing Huang) [Orabug: 20048920] \n- xfs: fix directory hash ordering bug (Mark Tinguely) [Orabug: 19695297] \n- xfs: fix node forward in xfs_node_toosmall (Mark Tinguely) [Orabug: 19695297] \n- XFS: Assertion failed: first <= last && last < BBTOB(bp->b_length), file: fs/xfs/xfs_trans_buf.c, line: 568 (Dave Chinner) [Orabug: 19695297] \n- mlx4_vnic: Skip fip discover restart if pkey index not changed (Yuval Shaia) [Orabug: 19153757]\n[3.8.13-65]\n- uek-rpm: ol7: update update-el to 7.1 (Guangyu Sun) [Orabug: 20524699]\n[3.8.13-64]\n- storvsc: ring buffer failures may result in I/O freeze (Long Li) [Orabug: 20328185] \n- crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 20429934] {CVE-2013-7421}\n- crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 20429934] {CVE-2014-9644}\n- crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 20429934] {CVE-2013-7421}\n- be2iscsi : Bump the driver version (John Soni Jose) [Orabug: 20426078] \n- be2iscsi : Fix memory leak in the unload path (John Soni Jose) [Orabug: 20426078] \n- be2iscsi : Fix the PCI request region reserving. (John Soni Jose) [Orabug: 20426078] \n- be2iscsi : Fix the retry count for boot targets (John Soni Jose) [Orabug: 20426078] \n- fuse: Ensure request structure is not modified after being reused. (Ashish Samant) [Orabug: 20396380] \n- x86, apic, kexec: Add disable_cpu_apicid kernel parameter (HATAYAMA Daisuke) [Orabug: 20344754] \n- nfsd4: zero op arguments beyond the 8th compound op (J. Bruce Fields) [Orabug: 20070817] \n- ocfs2: implement delayed dropping of last dquot reference (Jan Kara) [Orabug: 19559063] \n- ib/sdp: fix null dereference of sk->sk_wq in sdp_rx_irq() (Chuck Anderson) [Orabug: 20482741]\n[3.8.13-63]\n- ext4: protect write with sb_start/end_write in ext4_file_dio_write (Guangyu Sun) [Orabug: 20427284] \n- fs/pipe.c: skip file_update_time on frozen fs (Dmitry Monakhov) [Orabug: 20427126] \n- hpsa: remove 'action required' phrasing (Stephen M. Cameron) [Orabug: 20363086] \n- hpsa: remove spin lock around command allocation (Stephen M. Cameron) [Orabug: 20363086] \n- hpsa: always call pci_set_master after pci_enable_device (Robert Elliott) [Orabug: 20363086] \n- hpsa: Convert SCSI LLD ->queuecommand() for host_lock less operation (Nicholas Bellinger) [Orabug: 20363086] \n- hpsa: do not be so noisy about check conditions (Stephen M. Cameron) [Orabug: 20363086] \n- hpsa: use atomics for commands_outstanding (Stephen M. Cameron) [Orabug: 20363086] \n- hpsa: get rid of type/attribute/direction bit field wh e r e p o s s i b l e ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - h p s a : f i x e n d i a n n e s s i s s u e w i t h s c a t t e r g a t h e r e l e m e n t s ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - h p s a : f i x a l l o c a t i o n s i z e s f o r C I S S _ R E P O R T _ L U N s c o m m a n d s ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - h p s a : c o r r e c t o f f - b y - o n e s i z i n g o f c h a i n e d S G b l o c k ( W e b b S c a l e s ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - h p s a : f i x a c o u p l e p c i i d t a b l e m i s t a k e s ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - h p s a : r e m o v e d e v _ w a r n p r i n t s f r o m R A I D - 1 A D M ( R o b e r t E l l i o t t ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - h p s a : C l e a n u p w a r n i n g s f r o m s p a r s e . ( D o n B r a c e ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - h p s a : a d d m i s s i n g p c i _ s e t _ m a s t e r i n k d u m p p a t h ( T o m a s H e n z l ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - h p s a : r e f i n e t h e p c i e n a b l e / d i s a b l e h a n d l i n g ( T o m a s H e n z l ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - h p s a : F a l l b a c k t o M S I r a t h e r t h a n t o I N T x i f M S I - X f a i l e d ( A l e x a n d e r G o r d e e v ) [ O r a b u g : 2 0 3 6 3 0 8 6 ] b r > - l i b a t a : p r e v e n t H S M s t a t e c h a n g e r a c e b e t w e e n I S R a n d P I O ( D a v i d J e f f e r y ) [ O r a b u g : 2 0 0 1 9 3 0 2 ] b r > b r > [ 3 . 8 . 1 3 - 6 2 ] b r > - i 4 0 e : B u m p i 4 0 e v e r s i o n t o 1 . 2 . 2 a n d i 4 0 e v f v e r s i o n t o 1 . 0 . 6 ( C a t h e r i n e S u l l i v a n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : g e t p f _ i d f r o m H W r a t h e r t h a n P C I f u n c t i o n ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : i n c r e a s e A R Q s i z e ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : I n c r e a s e r e s e t d e l a y ( K e v i n S c o t t ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e v f : m a k e e a r l y i n i t s e q u e n c e e v e n m o r e r o b u s t ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : f i x n e t d e v _ s t a t m a c r o d e f i n i t i o n ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : D e f i n e a n d u s e i 4 0 e _ i s _ v f m a c r o ( A n j a l i S i n g h a i J a i n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : A d d a v i r t u a l c h a n n e l o p t o c o n f i g R S S ( A n j a l i S i n g h a i J a i n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : d o n t e n a b l e P T P s u p p o r t o n m o r e t h a n o n e P F p e r p o r t ( J a c o b K e l l e r ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : a l l o w v a r i o u s b a s e n u m b e r s i n d e b u g f s a q c o m m a n d s ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : r e m o v e u s e l e s s d e b u g n o i s e ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : R e m o v e u n n e e d e d b r e a k s t a t e m e n t ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : t r i g g e r S W I N T w i t h n o I T R w a i t ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e v f : r e m o v e u n n e c e s s a r y e l s e ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e v f : m a k e c h e c k p a t c h h a p p y ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e v f : u p d a t e h e a d e r c o m m e n t s ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : d o n t o v e r l o a d f i e l d s ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : P r e v e n t l i n k f l o w c o n t r o l s e t t i n g s w h e n P F C i s e n a b l e d ( N e e r a v P a r i k h ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : U p d a t e V E B s e n a b l e d _ t c a f t e r r e c o n f i g u r a t i o n ( N e e r a v P a r i k h ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : B u m p v e r s i o n t o 1 . 1 . 2 3 ( C a t h e r i n e S u l l i v a n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : r e - e n a b l e V F L R i n t e r r u p t s o o n e r ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : o n l y w a r n o n c e o f P T P n o n s u p p o r t i n 1 0 0 M b i t s p e e d ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e v f : d o n t u s e m o r e q u e u e s t h a n C P U s ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e v f : m a k e e a r l y i n i t p r o c e s s i n g m o r e r o b u s t ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : c l e a n u p t h r o t t l e r a t e c o d e ( J e s s e B r a n d e b u r g ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : d o n t d o l i n k _ s t a t u s o r s t a t s c o l l e c t i o n o n e v e r y A R Q ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : p o l l f i r m w a r e s l o w e r ( K a m i l K r a w c z y k ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : p r o p e r l y p a r s e M D E T r e g i s t e r s ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : c o n f i g u r e V M I D i n q t x _ c t l ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : e n a b l e d e b u g e a r l i e r ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : b e t t e r w o r d i n g f o r r e s o u r c e t r a c k i n g e r r o r s ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : s c a l e m s i x v e c t o r u s e w h e n m o r e c o r e s t h a n v e c t o r s ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : r e m o v e d e b u g f s d u m p s t a t s ( S h a n n o n N e l s o n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : a v o i d d i s a b l e o f i n t e r r u p t w h e n c h a n g i n g I T R ( J e s s e B r a n d e b u r g ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e v f : A d d s u p p o r t f o r 1 0 G b a s e T p a r t s ( P a u l M S t i l l w e l l J r ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : f i x l i n k c h e c k i n g l o g i c ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e v f : p r o p e r l y h a n d l e m u l t i p l e A Q m e s s a g e s ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : A d d c o n d i t i o n t o e n t e r f d i r f l u s h a n d r e i n i t ( A k e e m G A b o d u n r i n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : B u m p v e r s i o n ( C a t h e r i n e S u l l i v a n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : M o v i n g v a r i a b l e d e c l a r a t i o n o u t o f t h e l o o p s ( A k e e m G A b o d u n r i n ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : A d d 1 0 G B a s e T s u p p o r t ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > - i 4 0 e : p r o c e s s l i n k e v e n t s w h e n s e t t i n g u p s w i t c h ( M i t c h W i l l i a m s ) [ O r a b u g : 2 0 1 9 9 7 1 4 ] b r > / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 3 - 7 4 2 1 . h t m l \" > C V E - 2 0 1 3 - 7 4 2 1 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 9 6 4 4 . h t m l \" > C V E - 2 0 1 4 - 9 6 4 4 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 3 6 1 0 . h t m l \" > C V E - 2 0 1 4 - 3 6 1 0 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 7 9 7 5 . h t m l \" > C V E - 2 0 1 4 - 7 9 7 5 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 8 1 3 4 . h t m l \" > C V E - 2 0 1 4 - 8 1 3 4 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 8 1 3 3 . h t m l \" > C V E - 2 0 1 4 - 8 1 3 3 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 6 ( x 8 6 _ 6 4 ) / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 6 8 . e l 6 u e k - 0 . 4 . 3 - 4 . e l 6 . s r c . r p m / t d > t d > 6 1 b 9 8 d 4 9 2 e 6 c 4 0 3 0 a 3 b 0 a a 2 b 3 8 0 b 6 4 6 8 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 6 8 . e l 6 u e k . s r c . r p m / t d > t d > 8 7 b e a 7 1 2 a a d 2 d 4 8 2 1 e b e 1 8 b e 7 b 8 6 6 1 9 4 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 6 8 . e l 6 u e k - 0 . 4 . 3 - 4 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > b 1 7 8 4 0 5 6 4 9 4 4 e a 8 c c 1 3 f 6 2 0 5 e b 8 a 8 5 4 8 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 6 8 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > a 9 f 9 c 8 1 a 9 c 7 e 1 6 0 c f 4 b c 7 8 2 6 6 b 6 2 3 d 8 3 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - 3 . 8 . 1 3 - 6 8 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 3 6 f c f 8 2 9 a 0 b e 8 3 e 3 1 5 7 c 0 8 3 f 0 2 5 6 0 5 9 b / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - d e v e l - 3 . 8 . 1 3 - 6 8 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > d 3 8 0 2 d 8 c a b 7 c a e 2 1 2 9 6 5 4 5 0 9 f 7 0 1 f e b 9 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e v e l - 3 . 8 . 1 3 - 6 8 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 6 2 a 0 3 0 8 b 5 a 6 9 8 2 e 9 1 6 5 a 1 f 5 7 1 a d 3 8 a 7 2 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d o c - 3 . 8 . 1 3 - 6 8 . e l 6 u e k . n o a r c h . r p m / t d > t d > 9 0 b f 0 6 2 3 4 8 d 0 a 7 2 c 1 f b a c e e 2 0 4 6 1 6 8 5 1 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - f i r m w a r e - 3 . 8 . 1 3 - 6 8 . e l 6 u e k . n o a r c h . r p m / t d > t d > c d 9 5 c 7 4 2 5 b 4 d 7 8 5 5 4 0 a 2 e e 9 b 4 0 a 7 8 a 6 a / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 7 ( x 8 6 _ 6 4 ) / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 6 8 . e l 7 u e k - 0 . 4 . 3 - 4 . e l 7 . s r c . r p m / t d > t d > 0 6 e a f 1 0 0 6 6 7 6 f 6 0 b b c 5 8 4 2 a e 2 4 9 f 4 e 8 5 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 6 8 . e l 7 u e k . s r c . r p m / t d > t d > 4 b 1 e 2 0 8 3 1 e 6 5 a 3 f 0 5 1 a d 8 f a f 6 b 3 c 6 1 2 d / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 6 8 . e l 7 u e k - 0 . 4 . 3 - 4 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 6 e e a 6 2 d 6 3 e b e 5 4 d 2 e e b c 7 3 5 5 a b 7 b a 4 b 5 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 6 8 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > e f b b 3 2 9 2 b 5 d 6 2 a 3 4 7 5 5 0 d 8 4 5 c f 0 8 7 7 d 2 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - 3 . 8 . 1 3 - 6 8 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > c 7 e 4 b 0 f 4 7 3 7 3 7 c f 8 8 6 5 2 0 7 c 8 0 d 4 0 7 b 3 9 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - d e v e l - 3 . 8 . 1 3 - 6 8 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 0 d e 2 b e c f b 2 8 d c d 9 c 2 9 a d 1 e 9 b c d b 5 9 9 4 3 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e v e l - 3 . 8 . 1 3 - 6 8 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 1 d 2 8 e 3 8 b e 3 0 1 e 9 3 c c 3 3 7 3 8 7 3 9 c 2 2 3 f 9 c / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d o c - 3 . 8 . 1 3 - 6 8 . e l 7 u e k . n o a r c h . r p m / t d > t d > 8 f d 6 d 6 c 8 a 2 e 6 f 3 2 6 e c 9 c 8 b d 3 c b 4 b d f 3 d / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - f i r m w a r e - 3 . 8 . 1 3 - 6 8 . e l 7 u e k . n o a r c h . r p m / t d > t d > 2 9 0 7 1 d 2 0 c 0 f 9 d d 1 9 8 a 9 6 0 7 6 4 a 3 3 4 e a 2 2 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "published": "2015-03-19T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-3012.html", "cvelist": ["CVE-2014-9644", "CVE-2014-8134", "CVE-2014-8160", "CVE-2014-3610", "CVE-2014-8173", "CVE-2014-7975", "CVE-2014-8884", "CVE-2013-7421", "CVE-2014-8133"], "lastseen": "2018-04-04T13:01:06"}, {"id": "ELSA-2015-0864", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[2.6.32-504.16.2]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}\n[2.6.32-504.16.1]\n- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1198329 1193559]\n- [security] keys: close race between key lookup and freeing (Radomir Vrbovsky) [1179849 1179850] {CVE-2014-9529}\n- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196587 1135425] {CVE-2015-1421}\n- [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1198329 1193559]\n- [fs] nfs: Be less aggressive about returning delegations for open files (Steve Dickson) [1196314 1145334]\n- [fs] nfs: Avoid PUTROOTFH when managing leases (Benjamin Coddington) [1196313 1143013]\n- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1194983 1185395]\n- [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) [1194983 1185395]\n- [char] raw: Return short read or 0 at end of a raw device, not EIO (Jeff Moyer) [1195747 1142314]\n- [scsi] hpsa: Use local workqueues instead of system workqueues - part1 (Tomas Henzl) [1193639 1134115]\n- [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153326 1153327] {CVE-2014-3690}\n- [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) [1180481 1180492] {CVE-2014-9584}\n- [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff (Fam Zheng) [1198428 1166763]\n- [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1170971 1167115] {CVE-2014-8884}\n- [kernel] trace: insufficient syscall number validation in perf and ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 CVE-2014-7825}\n- [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 1149831]\n- [fs] nfs: Don't use the delegation->inode in nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831]\n- [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: don't restart our thread on ENETRESET (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: make delayed tasks not hold up everything (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Add a helper to restart the multicast task (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: fix IPOIB_MCAST_RUN flag usage (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [infiniband] ipoib: Remove unnecessary port query (Doug Ledford) [1187664 1187666 1184072 1159925]\n- [x86] kvm: Avoid pagefault in kvm_lapic_sync_to_vapic (Paolo Bonzini) [1192055 1116398]\n- [s390] kernel: fix cpu target address of directed yield (Hendrik Brueckner) [1188339 1180061]\n- [mm] memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [fs] buffer: move allocation failure loop into the allocator (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [x86] mm: finish user fault error path with fatal signal (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [mm] pass userspace fault flag to generic fault handler (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [s390] mm: do not invoke OOM killer on kernel fault OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [powerpc] mm: remove obsolete init OOM protection (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [powerpc] mm: invoke oom-killer from remaining unconverted page fault handlers (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}\n- [security] selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}\n- [security] Add PR_\n_NO_NEW_PRIVS to prevent execve from granting privs (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}\n[2.6.32-504.15.1]\n- [netdrv] ixgbe: remove CIAA/D register reads from bad VF check (John Greene) [1196312 1156061]\n- [pci] Make FLR and AF FLR reset warning messages different (Myron Stowe) [1192365 1184540]\n- [pci] Fix unaligned access in AF transaction pending test (Myron Stowe) [1192365 1184540]\n- [pci] Merge multi-line quoted strings (Myron Stowe) [1192365 1184540]\n- [pci] Wrong register used to check pending traffic (Myron Stowe) [1192365 1184540]\n- [pci] Add pci_wait_for_pending() -- refactor pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]\n- [pci] Use pci_wait_for_pending_transaction() instead of for loop (Myron Stowe) [1192365 1184540]\n- [pci] Add pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]\n- [pci] Wait for pending transactions to complete before 82599 FLR (Myron Stowe) [1192365 1184540]\n- [scsi] storvsc: fix a bug in storvsc limits (Vitaly Kuznetsov) [1196532 1174168]\n[2.6.32-504.14.1]\n- [s390] crypto: kernel oops at insmod of the z90crypt device driver (Hendrik Brueckner) [1191916 1172137]\n- [sound] alsa: usb-audio: Fix crash at re-preparing the PCM stream (Jerry Snitselaar) [1192105 1167059]\n- [usb] ehci: bugfix: urb->hcpriv should not be NULL (Jerry Snitselaar) [1192105 1167059]\n- [mm] mmap: uncached vma support with writenotify (Jerry Snitselaar) [1192105 1167059]\n- [kernel] futex: Mention key referencing differences between shared and private futexes (Larry Woodman) [1192107 1167405]\n- [kernel] futex: Ensure get_futex_key_refs() always implies a barrier (Larry Woodman) [1192107 1167405]\n[2.6.32-504.13.1]\n- [netdrv] enic: fix rx skb checksum (Stefan Assmann) [1189068 1115505]\n- [scsi] Revert 'fix our current target reap infrastructure' (David Milburn) [1188941 1168072]\n- [scsi] Revert 'dual scan thread bug fix' (David Milburn) [1188941 1168072]\n- [net] tcp: do not copy headers in tcp_collapse() (Alexander Duyck) [1188838 1156289]\n- [net] tcp: use tcp_flags in tcp_data_queue() (Alexander Duyck) [1188838 1156289]\n- [net] tcp: use TCP_SKB_CB(skb)->tcp_flags in input path (Alexander Duyck) [1188838 1156289]\n- [net] tcp: remove unused tcp_fin() parameters (Alexander Duyck) [1188838 1156289]\n- [net] tcp: rename tcp_skb_cb flags (Alexander Duyck) [1188838 1156289]\n- [net] tcp: unify tcp flag macros (Alexander Duyck) [1188838 1156289]\n- [net] tcp: unalias tcp_skb_cb flags and ip_dsfield (Alexander Duyck) [1188838 1156289]", "published": "2015-04-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0864.html", "cvelist": ["CVE-2014-3215", "CVE-2014-9529", "CVE-2014-7825", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8884", "CVE-2014-9584", "CVE-2014-3690", "CVE-2014-8171", "CVE-2014-7826"], "lastseen": "2016-09-04T11:17:03"}, {"id": "ELSA-2016-3502", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[2.6.39-400.264.13]\n- KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373449] {CVE-2015-7872}\n[2.6.39-400.264.12]\n- crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n[2.6.39-400.264.11]\n- KVM: x86: Don't report guest userspace emulation error to userspace (Nadav Amit) [Orabug: 22249615] {CVE-2010-5313} {CVE-2014-7842}\n[2.6.39-400.264.9]\n- msg_unlock() in wrong spot after applying 'Initialize msg/shm IPC objects before doing ipc_addid()' (Chuck Anderson) [Orabug: 22250044] {CVE-2015-7613} {CVE-2015-7613}\n[2.6.39-400.264.8]\n- ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250044] {CVE-2015-7613}\n- Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250044] {CVE-2015-7613}\n[2.6.39-400.264.7]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104} {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}\n[2.6.39-400.264.6]\n- mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani) \n- IPoIB: Drop priv->lock before calling ipoib_send() (Wengang Wang) \n- IPoIB: serialize changing on tx_outstanding (Wengang Wang) [Orabug: 21861366] \n- IB/mlx4: Implement IB_QP_CREATE_USE_GFP_NOIO (Jiri Kosina) \n- IB: Add a QP creation flag to use GFP_NOIO allocations (Or Gerlitz) \n- IB: Return error for unsupported QP creation flags (Or Gerlitz) \n- IB/ipoib: Calculate csum only when skb->ip_summed is CHECKSUM_PARTIAL (Yuval Shaia) [Orabug: 20873175]", "published": "2016-01-08T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-3502.html", "cvelist": ["CVE-2014-9644", "CVE-2010-5313", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2013-7421", "CVE-2014-7842", "CVE-2015-8104"], "lastseen": "2016-09-04T11:16:43"}], "redhat": [{"id": "RHSA-2015:0285", "type": "redhat", "title": "(RHSA-2015:0285) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nvalidated INIT chunks when performing Address Configuration Change\n(ASCONF). A remote attacker could use this flaw to crash the system by\nsending a specially crafted SCTP packet to trigger a NULL pointer\ndereference on the system. (CVE-2014-7841, Important)\n\nThis issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes the following bugs:\n\n* Due to several bugs in the network console logging, a race condition\nbetween the network console send operation and the driver's IRQ handler\ncould occur, or the network console could access invalid memory content.\nAs a consequence, the respective driver, such as vmxnet3, triggered a\nBUG_ON() assertion and the system terminated unexpectedly. A patch\naddressing these bugs has been applied so that driver's IRQs are disabled\nbefore processing the send operation and the network console now accesses\nthe RCU-protected (read-copy update) data properly. Systems using the\nnetwork console logging no longer crashes due to the aforementioned\nconditions. (BZ#1165983)\n\n* A bug in the vmxnet3 driver allowed potential race conditions to be\ntriggered when the driver was used with the netconsole module. The race\nconditions allowed the driver's internal New API (NAPI) poll routine to run\nconcurrently with the netpoll controller routine, which resulted in data\ncorruption and a subsequent kernel panic. To fix this problem, the vmxnet3\ndriver has been modified to call the appropriate interrupt handler to\nschedule NAPI poll requests properly. (BZ#1179594)\n\n* Prior to this update, nfs_mark_return_delegation() was called without any\nlocking, resulting in unsafe dereferencing of delegation->inode.\nBecause the inode is only used to discover the nfs_client, the callers now\npass a valid pointer to the nfs_server as a parameter. (BZ#1187637)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2015-03-03T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0285", "cvelist": ["CVE-2014-7841"], "lastseen": "2016-09-04T11:17:59"}, {"id": "RHSA-2015:0087", "type": "redhat", "title": "(RHSA-2015:0087) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nvalidated INIT chunks when performing Address Configuration Change\n(ASCONF). A remote attacker could use this flaw to crash the system by\nsending a specially crafted SCTP packet to trigger a NULL pointer\ndereference on the system. (CVE-2014-7841, Important)\n\n* An integer overflow flaw was found in the way the Linux kernel's Advanced\nLinux Sound Architecture (ALSA) implementation handled user controls.\nA local, privileged user could use this flaw to crash the system.\n(CVE-2014-4656, Moderate)\n\nThe CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "published": "2015-01-27T23:35:24", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0087", "cvelist": ["CVE-2014-7841", "CVE-2014-4656"], "lastseen": "2017-03-05T19:18:32"}, {"id": "RHSA-2015:0695", "type": "redhat", "title": "(RHSA-2015:0695) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nvalidated INIT chunks when performing Address Configuration Change\n(ASCONF). A remote attacker could use this flaw to crash the system by\nsending a specially crafted SCTP packet to trigger a NULL pointer\ndereference on the system. (CVE-2014-7841, Important)\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* An integer overflow flaw was found in the way the Linux kernel's Frame\nBuffer device implementation mapped kernel memory to user space via the\nmmap syscall. A local user able to access a frame buffer device file\n(/dev/fb*) could possibly use this flaw to escalate their privileges on the\nsystem. (CVE-2013-2596, Important)\n\n* It was found that the parse_rock_ridge_inode_internal() function of the\nLinux kernel's ISOFS implementation did not correctly check relocated\ndirectories when processing Rock Ridge child link (CL) tags. An attacker\nwith physical access to the system could use a specially crafted ISO image\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2014-5471, CVE-2014-5472, Low)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes the following bugs:\n\n* Previously, certain network device drivers did not accept ethtool\ncommands right after they were loaded. As a consequence, the current\nsetting of the specified device driver was not applied and an error message\nwas returned. The ETHTOOL_DELAY variable has been added, which makes sure\nthe ethtool utility waits for some time before it tries to apply the\noptions settings, thus fixing the bug. (BZ#1138299)\n\n* During the memory allocation for a new socket to communicate to the\nserver, the rpciod daemon released a clean page which needed to be\ncommitted. However, the commit was queueing indefinitely as the commit\ncould only be provided with a socket connection. As a consequence, a\ndeadlock occurred in rpciod. This update sets the PF_FSTRANS flag on the\nwork queue task prior to the socket allocation, and adds the\nnfs_release_page check for the flag when deciding whether to make a commit\ncall, thus fixing this bug. (BZ#1192326)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2015-03-17T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0695", "cvelist": ["CVE-2013-2596", "CVE-2014-7841", "CVE-2014-8159", "CVE-2014-5472", "CVE-2014-5471"], "lastseen": "2016-09-04T11:17:59"}, {"id": "RHSA-2015:0102", "type": "redhat", "title": "(RHSA-2015:0102) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nvalidated INIT chunks when performing Address Configuration Change\n(ASCONF). A remote attacker could use this flaw to crash the system by\nsending a specially crafted SCTP packet to trigger a NULL pointer\ndereference on the system. (CVE-2014-7841, Important)\n\n* A race condition flaw was found in the way the Linux kernel's mmap(2),\nmadvise(2), and fallocate(2) system calls interacted with each other while\noperating on virtual memory file system files. A local user could use this\nflaw to cause a denial of service. (CVE-2014-4171, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's\nCommon Internet File System (CIFS) implementation handled mounting of file\nsystem shares. A remote attacker could use this flaw to crash a client\nsystem that would mount a file system share from a malicious server.\n(CVE-2014-7145, Moderate)\n\n* A flaw was found in the way the Linux kernel's splice() system call\nvalidated its parameters. On certain file systems, a local, unprivileged\nuser could use this flaw to write past the maximum file size, and thus\ncrash the system. (CVE-2014-7822, Moderate)\n\n* It was found that the parse_rock_ridge_inode_internal() function of the\nLinux kernel's ISOFS implementation did not correctly check relocated\ndirectories when processing Rock Ridge child link (CL) tags. An attacker\nwith physical access to the system could use a specially crafted ISO image\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2014-5471, CVE-2014-5472, Low)\n\nRed Hat would like to thank Akira Fujita of NEC for reporting the\nCVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei of\nRed Hat.\n\nThis update also fixes the following bugs:\n\n* Previously, a kernel panic could occur if a process reading from a locked\nNFS file was killed and the lock was not released properly before the read\noperations finished. Consequently, the system crashed. The code handling\nfile locks has been fixed, and instead of halting, the system now emits a\nwarning about the unreleased lock. (BZ#1172266)\n\n* A race condition in the command abort handling logic of the ipr device\ndriver could cause the kernel to panic when the driver received a response\nto an abort command prior to receiving other responses to the aborted\ncommand due to the support for multiple interrupts. With this update, the\nabort handler waits for the aborted command's responses first before\ncompleting an abort operation. (BZ#1162734)\n\n* Previously, a race condition could occur when changing a Page Table Entry\n(PTE) or a Page Middle Directory (PMD) to \"pte_numa\" or \"pmd_numa\",\nrespectively, causing the kernel to crash. This update removes the BUG_ON()\nmacro from the __handle_mm_fault() function, preventing the kernel panic in\nthe aforementioned scenario. (BZ#1170662)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2015-01-28T05:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0102", "cvelist": ["CVE-2014-4171", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-7145", "CVE-2014-7822", "CVE-2014-7841"], "lastseen": "2018-04-15T14:24:24"}, {"id": "RHSA-2015:0284", "type": "redhat", "title": "(RHSA-2015:0284) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A race condition flaw was found in the way the Linux kernel's KVM\nsubsystem handled PIT (Programmable Interval Timer) emulation. A guest user\nwho has access to the PIT I/O ports could use this flaw to crash the host.\n(CVE-2014-3611, Important)\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nvalidated INIT chunks when performing Address Configuration Change\n(ASCONF). A remote attacker could use this flaw to crash the system by\nsending a specially crafted SCTP packet to trigger a NULL pointer\ndereference on the system. (CVE-2014-7841, Important)\n\n* A flaw was found in the way the ipc_rcu_putref() function in the Linux\nkernel's IPC implementation handled reference counter decrementing.\nA local, unprivileged user could use this flaw to trigger an Out of Memory\n(OOM) condition and, potentially, crash the system. (CVE-2013-4483,\nModerate)\n\n* A memory corruption flaw was found in the way the USB ConnectTech\nWhiteHEAT serial driver processed completion commands sent via USB Request\nBlocks buffers. An attacker with physical access to the system could use\nthis flaw to crash the system or, potentially, escalate their privileges on\nthe system. (CVE-2014-3185, Moderate)\n\n* It was found that the Linux kernel's KVM subsystem did not handle the VM\nexits gracefully for the invept (Invalidate Translations Derived from EPT)\nand invvpid (Invalidate Translations Based on VPID) instructions. On hosts\nwith an Intel processor and invept/invppid VM exit support, an unprivileged\nguest user could use these instructions to crash the guest. (CVE-2014-3645,\nCVE-2014-3646, Moderate)\n\n* A flaw was found in the way the Linux kernel's netfilter subsystem\nhandled generic protocol tracking. As demonstrated in the Stream Control\nTransmission Protocol (SCTP) case, a remote attacker could use this flaw to\nbypass intended iptables rule restrictions when the associated connection\ntracking module was not loaded on the system. (CVE-2014-8160, Moderate)\n\nRed Hat would like to thank Lars Bull of Google for reporting\nCVE-2014-3611, Vladimir Davydov (Parallels) for reporting CVE-2013-4483,\nand the Advanced Threat Research team at Intel Security for reporting\nCVE-2014-3645 and CVE-2014-3646. The CVE-2014-7841 issue was discovered by\nLiu Wei of Red Hat.\n\nBug fixes:\n\n* When forwarding a packet, the iptables target TCPOPTSTRIP used the\ntcp_hdr() function to locate the option space. Consequently, TCPOPTSTRIP\nlocated the incorrect place in the packet, and therefore did not match\noptions for stripping. TCPOPTSTRIP now uses the TCP header itself to locate\nthe option space, and the options are now properly stripped. (BZ#1172026)\n\n* The ipset utility computed incorrect values of timeouts from an old IP\nset, and these values were then supplied to a new IP set. A resize on an IP\nset with a timeouts option enabled could then supply corrupted data from an\nold IP set. This bug has been fixed by properly reading timeout values from\nan old set before supplying them to a new set. (BZ#1172763)\n\n* Incorrect processing of errors from the BCM5719 LAN controller could\nresult in incoming packets being dropped. Now, received errors are handled\nproperly, and incoming packets are no longer randomly dropped. (BZ#1180405)\n\n* When the NVMe driver allocated a name-space queue, it was recognized as a\nrequest-based driver, whereas it was a BIO-based driver. While trying to\naccess data during the loading of NVMe along with a request-based DM\ndevice, the system could terminate unexpectedly or become unresponsive.\nNow, NVMe does not set the QUEUE_FLAG_STACKABLE flag during the allocation\nof a name-space queue, and the system no longer attempts to insert a\nrequest into the queue, preventing a crash. (BZ#1180554)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2015-03-03T05:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0284", "cvelist": ["CVE-2014-3646", "CVE-2014-8160", "CVE-2014-7841", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3185", "CVE-2013-4483"], "lastseen": "2016-09-04T11:17:55"}, {"id": "RHSA-2015:0864", "type": "redhat", "title": "(RHSA-2015:0864) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215\nand CVE-2014-3690, Robert \u015awi\u0119cki for reporting CVE-2014-7825 and\nCVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The\nCVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Technical Notes document linked to in the References\nsection.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "published": "2015-04-21T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0864", "cvelist": ["CVE-2014-3215", "CVE-2014-9529", "CVE-2014-7825", "CVE-2015-1421", "CVE-2014-8884", "CVE-2014-9584", "CVE-2014-3690", "CVE-2014-8171", "CVE-2014-7826"], "lastseen": "2017-03-10T13:18:37"}, {"id": "RHSA-2015:0782", "type": "redhat", "title": "(RHSA-2015:0782) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* An integer overflow flaw was found in the way the Linux kernel's Frame\nBuffer device implementation mapped kernel memory to user space via the\nmmap syscall. A local user able to access a frame buffer device file\n(/dev/fb*) could possibly use this flaw to escalate their privileges on the\nsystem. (CVE-2013-2596, Important)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* It was found that the parse_rock_ridge_inode_internal() function of the\nLinux kernel's ISOFS implementation did not correctly check relocated\ndirectories when processing Rock Ridge child link (CL) tags. An attacker\nwith physical access to the system could use a specially crafted ISO image\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2014-5471, CVE-2014-5472, Low)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\nRed Hat would like to thank Mellanox for reporting CVE-2014-8159, and Andy\nLutomirski for reporting CVE-2014-3690. The CVE-2015-1421 issue was\ndiscovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n* Previously, a NULL pointer check that is needed to prevent an oops in the\nnfs_async_inode_return_delegation() function was removed. As a consequence,\na NFS4 client could terminate unexpectedly. The missing NULL pointer check\nhas been added back, and NFS4 client no longer crashes in this situation.\n(BZ#1187638)\n\n* Due to unbalanced multicast join and leave processing, the attempt to\nleave a multicast group that had not previously completed a join became\nunresponsive. This update resolves multiple locking issues in the IPoIB\nmulticast code that allowed multicast groups to be left before the joining\nwas entirely completed. Now, multicast join and leave failures or lockups\nno longer occur in the described situation. (BZ#1187663)\n\n* A failure to leave a multicast group which had previously been joined\nprevented the attempt to unregister from the \"sa\" service. Multiple locking\nissues in the IPoIB multicast join and leave processing have been fixed so\nthat leaving a group that has completed its join process is successful.\nAs a result, attempts to unregister from the \"sa\" service no longer lock up\ndue to leaked resources. (BZ#1187665)\n\n* Due to a regression, when large reads which partially extended beyond the\nend of the underlying device were done, the raw driver returned the EIO\nerror code instead of returning a short read covering the valid part of the\ndevice. The underlying source code has been patched, and the raw driver now\nreturns a short read for the remainder of the device. (BZ#1195746)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2015-04-07T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0782", "cvelist": ["CVE-2013-2596", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-5472", "CVE-2014-8884", "CVE-2014-3690", "CVE-2014-5471"], "lastseen": "2016-09-04T11:17:57"}, {"id": "RHSA-2015:0290", "type": "redhat", "title": "(RHSA-2015:0290) Important: kernel security, bug fix, and enhancement update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's XFS file system handled\nreplacing of remote attributes under certain conditions. A local user with\naccess to XFS file system mount could potentially use this flaw to escalate\ntheir privileges on the system. (CVE-2015-0274, Important)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause denial of service on the system. (CVE-2014-3690, Moderate)\n\n* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP)\nimplementation handled non-huge page migration. A local, unprivileged user\ncould use this flaw to crash the kernel by migrating transparent hugepages.\n(CVE-2014-3940, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* A race condition flaw was found in the Linux kernel's ext4 file system\nimplementation that allowed a local, unprivileged user to crash the system\nby simultaneously writing to a file and toggling the O_DIRECT flag using\nfcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)\n\n* A flaw was found in the way the Linux kernel's netfilter subsystem\nhandled generic protocol tracking. As demonstrated in the Stream Control\nTransmission Protocol (SCTP) case, a remote attacker could use this flaw to\nbypass intended iptables rule restrictions when the associated connection\ntracking module was not loaded on the system. (CVE-2014-8160, Moderate)\n\n* It was found that due to excessive files_lock locking, a soft lockup\ncould be triggered in the Linux kernel when performing asynchronous I/O\noperations. A local, unprivileged user could use this flaw to crash the\nsystem. (CVE-2014-8172, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's\nmadvise MADV_WILLNEED functionality handled page table locking. A local,\nunprivileged user could use this flaw to crash the system. (CVE-2014-8173,\nModerate)\n\n* An information leak flaw was found in the Linux kernel's IEEE 802.11\nwireless networking implementation. When software encryption was used, a\nremote attacker could use this flaw to leak up to 8 bytes of plaintext.\n(CVE-2014-8709, Low)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\nRed Hat would like to thank Eric Windisch of the Docker project for\nreporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and\nRobert \u015awi\u0119cki for reporting CVE-2014-7825 and CVE-2014-7826.\n\nThis update also fixes several hundred bugs and adds numerous enhancements.\nRefer to the Red Hat Enterprise Linux 7.1 Release Notes for information on\nthe most significant of these changes, and the following Knowledgebase\narticle for further information: https://access.redhat.com/articles/1352803\n\nAll Red Hat Enterprise Linux 7 users are advised to install these updated\npackages, which correct these issues and add these enhancements. The system\nmust be rebooted for this update to take effect.", "published": "2015-03-05T05:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0290", "cvelist": ["CVE-2014-3690", "CVE-2014-3940", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-8086", "CVE-2014-8160", "CVE-2014-8172", "CVE-2014-8173", "CVE-2014-8709", "CVE-2014-8884", "CVE-2015-0274"], "lastseen": "2018-04-15T16:22:10"}, {"id": "RHSA-2016:0855", "type": "redhat", "title": "(RHSA-2016:0855) Moderate: kernel security, bug fix, and enhancement update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate)\n\n* It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate)\n\n* A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)\n\n* It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system. (CVE-2015-8215, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system. (CVE-2015-8543, Moderate)\n\n* It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)\n\n* A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system. (CVE-2015-7509, Low)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system. (CVE-2015-8324, Low)\n\nRed Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and Dmitriy Monakhov (OpenVZ) for reporting CVE-2015-8324. The CVE-2015-5156 issue was discovered by Jason Wang (Red Hat).\n\nAdditional Changes:\n\n* Refer to Red Hat Enterprise Linux 6.8 Release Notes for information on new kernel features and known issues, and Red Hat Enterprise Linux Technical Notes for information on device driver updates, important changes to external kernel parameters, notable bug fixes, and technology previews. Both of these documents are linked to in the References section.", "published": "2016-05-10T10:42:32", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0855", "cvelist": ["CVE-2010-5313", "CVE-2014-8134", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-5156", "CVE-2015-8543", "CVE-2013-4312", "CVE-2016-3841", "CVE-2014-7842"], "lastseen": "2017-03-10T13:18:46"}, {"id": "RHSA-2015:2152", "type": "redhat", "title": "(RHSA-2015:2152) Important: kernel security, bug fix, and enhancement update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n* A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n* It was found that reporting emulation failures to user space could lead\nto either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of\nservice. In the case of a local denial of service, an attacker must have\naccess to the MMIO area or be able to access an I/O port. (CVE-2010-5313,\nCVE-2014-7842, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM subsystem handled\nnon-canonical addresses when emulating instructions that change the RIP\n(for example, branches or calls). A guest user with access to an I/O or\nMMIO region could use this flaw to crash the guest. (CVE-2014-3647,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker could use this flaw to lock up the system. (CVE-2014-8171,\nModerate)\n\n* A race condition flaw was found between the chown and execve system\ncalls. A local, unprivileged user could potentially use this flaw to\nescalate their privileges on the system. (CVE-2015-3339, Moderate)\n\n* A flaw was discovered in the way the Linux kernel's TTY subsystem handled\nthe tty shutdown phase. A local, unprivileged user could use this flaw to\ncause a denial of service on the system. (CVE-2015-4170, Moderate)\n\n* A NULL pointer dereference flaw was found in the SCTP implementation.\nA local user could use this flaw to cause a denial of service on the system\nby triggering a kernel panic when creating multiple sockets in parallel\nwhile the system did not have the SCTP module loaded. (CVE-2015-5283,\nModerate)\n\n* A flaw was found in the way the Linux kernel's perf subsystem retrieved\nuserlevel stack traces on PowerPC systems. A local, unprivileged user could\nuse this flaw to cause a denial of service on the system. (CVE-2015-6526,\nModerate)\n\n* A flaw was found in the way the Linux kernel's Crypto subsystem handled\nautomatic loading of kernel modules. A local user could use this flaw to\nload any installed kernel module, and thus increase the attack surface of\nthe running kernel. (CVE-2013-7421, CVE-2014-9644, Low)\n\n* An information leak flaw was found in the way the Linux kernel changed\ncertain segment registers and thread-local storage (TLS) during a context\nswitch. A local, unprivileged user could use this flaw to leak the user\nspace TLS base address of an arbitrary process. (CVE-2014-9419, Low)\n\n* It was found that the Linux kernel KVM subsystem's sysenter instruction\nemulation was not sufficient. An unprivileged guest user could use this\nflaw to escalate their privileges by tricking the hypervisor to emulate a\nSYSENTER instruction in 16-bit mode, if the guest OS did not initialize the\nSYSENTER model-specific registers (MSRs). Note: Certified guest operating\nsystems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER\nMSRs and are thus not vulnerable to this issue when running on a KVM\nhypervisor. (CVE-2015-0239, Low)\n\n* A flaw was found in the way the Linux kernel handled the securelevel\nfunctionality after performing a kexec operation. A local attacker could\nuse this flaw to bypass the security mechanism of the\nsecurelevel/secureboot combination. (CVE-2015-7837, Low)", "published": "2015-11-20T00:35:51", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2152", "cvelist": ["CVE-2010-5313", "CVE-2013-7421", "CVE-2014-3647", "CVE-2014-7842", "CVE-2014-8171", "CVE-2014-9419", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-2925", "CVE-2015-3288", "CVE-2015-3339", "CVE-2015-4170", "CVE-2015-5283", "CVE-2015-6526", "CVE-2015-7553", "CVE-2015-7613", "CVE-2015-7837", "CVE-2015-8215", "CVE-2016-0774"], "lastseen": "2018-04-15T14:25:45"}], "centos": [{"id": "CESA-2015:0087", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0087\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nvalidated INIT chunks when performing Address Configuration Change\n(ASCONF). A remote attacker could use this flaw to crash the system by\nsending a specially crafted SCTP packet to trigger a NULL pointer\ndereference on the system. (CVE-2014-7841, Important)\n\n* An integer overflow flaw was found in the way the Linux kernel's Advanced\nLinux Sound Architecture (ALSA) implementation handled user controls.\nA local, privileged user could use this flaw to crash the system.\n(CVE-2014-4656, Moderate)\n\nThe CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/020910.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0087.html", "published": "2015-01-28T22:43:51", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-January/020910.html", "cvelist": ["CVE-2014-7841", "CVE-2014-4656"], "lastseen": "2017-10-03T18:26:44"}, {"id": "CESA-2015:0102", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0102\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's SCTP implementation\nvalidated INIT chunks when performing Address Configuration Change\n(ASCONF). A remote attacker could use this flaw to crash the system by\nsending a specially crafted SCTP packet to trigger a NULL pointer\ndereference on the system. (CVE-2014-7841, Important)\n\n* A race condition flaw was found in the way the Linux kernel's mmap(2),\nmadvise(2), and fallocate(2) system calls interacted with each other while\noperating on virtual memory file system files. A local user could use this\nflaw to cause a denial of service. (CVE-2014-4171, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's\nCommon Internet File System (CIFS) implementation handled mounting of file\nsystem shares. A remote attacker could use this flaw to crash a client\nsystem that would mount a file system share from a malicious server.\n(CVE-2014-7145, Moderate)\n\n* A flaw was found in the way the Linux kernel's splice() system call\nvalidated its parameters. On certain file systems, a local, unprivileged\nuser could use this flaw to write past the maximum file size, and thus\ncrash the system. (CVE-2014-7822, Moderate)\n\n* It was found that the parse_rock_ridge_inode_internal() function of the\nLinux kernel's ISOFS implementation did not correctly check relocated\ndirectories when processing Rock Ridge child link (CL) tags. An attacker\nwith physical access to the system could use a specially crafted ISO image\nto crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2014-5471, CVE-2014-5472, Low)\n\nRed Hat would like to thank Akira Fujita of NEC for reporting the\nCVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei of\nRed Hat.\n\nThis update also fixes the following bugs:\n\n* Previously, a kernel panic could occur if a process reading from a locked\nNFS file was killed and the lock was not released properly before the read\noperations finished. Consequently, the system crashed. The code handling\nfile locks has been fixed, and instead of halting, the system now emits a\nwarning about the unreleased lock. (BZ#1172266)\n\n* A race condition in the command abort handling logic of the ipr device\ndriver could cause the kernel to panic when the driver received a response\nto an abort command prior to receiving other responses to the aborted\ncommand due to the support for multiple interrupts. With this update, the\nabort handler waits for the aborted command's responses first before\ncompleting an abort operation. (BZ#1162734)\n\n* Previously, a race condition could occur when changing a Page Table Entry\n(PTE) or a Page Middle Directory (PMD) to \"pte_numa\" or \"pmd_numa\",\nrespectively, causing the kernel to crash. This update removes the BUG_ON()\nmacro from the __handle_mm_fault() function, preventing the kernel panic in\nthe aforementioned scenario. (BZ#1170662)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/020915.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/020916.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0102.html", "published": "2015-01-29T23:49:27", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-January/020915.html", "cvelist": ["CVE-2014-7822", "CVE-2014-7841", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-7145", "CVE-2014-5471"], "lastseen": "2017-10-03T18:25:47"}, {"id": "CESA-2015:0864", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0864\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way seunshare, a utility for running executables\nunder a different security context, used the capng_lock functionality of\nthe libcap-ng library. The subsequent invocation of suid root binaries that\nrelied on the fact that the setuid() system call, among others, also sets\nthe saved set-user-ID when dropping the binaries' process privileges, could\nallow a local, unprivileged user to potentially escalate their privileges\non the system. Note: the fix for this issue is the kernel part of the\noverall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the\nrelated SELinux exec transitions support. (CVE-2014-3215, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found in the way the Linux kernel keys\nmanagement subsystem performed key garbage collection. A local attacker\ncould attempt accessing a key while it was being garbage collected, which\nwould cause the system to crash. (CVE-2014-9529, Moderate)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\n* An information leak flaw was found in the way the Linux kernel's ISO9660\nfile system implementation accessed data on an ISO9660 image with RockRidge\nExtension Reference (ER) records. An attacker with physical access to the\nsystem could use this flaw to disclose up to 255 bytes of kernel memory.\n(CVE-2014-9584, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215\nand CVE-2014-3690, Robert \u015awi\u0119cki for reporting CVE-2014-7825 and\nCVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The\nCVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Technical Notes document linked to in the References\nsection.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021083.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0864.html", "published": "2015-04-22T09:51:52", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021083.html", "cvelist": ["CVE-2014-3215", "CVE-2014-9529", "CVE-2014-7825", "CVE-2015-1421", "CVE-2014-8884", "CVE-2014-9584", "CVE-2014-3690", "CVE-2014-8171", "CVE-2014-7826"], "lastseen": "2017-10-03T18:27:02"}, {"id": "CESA-2015:0290", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0290\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's XFS file system handled\nreplacing of remote attributes under certain conditions. A local user with\naccess to XFS file system mount could potentially use this flaw to escalate\ntheir privileges on the system. (CVE-2015-0274, Important)\n\n* It was found that the Linux kernel's KVM implementation did not ensure\nthat the host CR4 control register value remained unchanged across VM\nentries on the same virtual CPU. A local, unprivileged user could use this\nflaw to cause denial of service on the system. (CVE-2014-3690, Moderate)\n\n* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP)\nimplementation handled non-huge page migration. A local, unprivileged user\ncould use this flaw to crash the kernel by migrating transparent hugepages.\n(CVE-2014-3940, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's perf subsystem. A local, unprivileged\nuser could use this flaw to crash the system. (CVE-2014-7825, Moderate)\n\n* An out-of-bounds memory access flaw was found in the syscall tracing\nfunctionality of the Linux kernel's ftrace subsystem. On a system with\nftrace syscall tracing enabled, a local, unprivileged user could use this\nflaw to crash the system, or escalate their privileges. (CVE-2014-7826,\nModerate)\n\n* A race condition flaw was found in the Linux kernel's ext4 file system\nimplementation that allowed a local, unprivileged user to crash the system\nby simultaneously writing to a file and toggling the O_DIRECT flag using\nfcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)\n\n* A flaw was found in the way the Linux kernel's netfilter subsystem\nhandled generic protocol tracking. As demonstrated in the Stream Control\nTransmission Protocol (SCTP) case, a remote attacker could use this flaw to\nbypass intended iptables rule restrictions when the associated connection\ntracking module was not loaded on the system. (CVE-2014-8160, Moderate)\n\n* It was found that due to excessive files_lock locking, a soft lockup\ncould be triggered in the Linux kernel when performing asynchronous I/O\noperations. A local, unprivileged user could use this flaw to crash the\nsystem. (CVE-2014-8172, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's\nmadvise MADV_WILLNEED functionality handled page table locking. A local,\nunprivileged user could use this flaw to crash the system. (CVE-2014-8173,\nModerate)\n\n* An information leak flaw was found in the Linux kernel's IEEE 802.11\nwireless networking implementation. When software encryption was used, a\nremote attacker could use this flaw to leak up to 8 bytes of plaintext.\n(CVE-2014-8709, Low)\n\n* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge\nDEC USB device driver. A local user with write access to the corresponding\ndevice could use this flaw to crash the kernel or, potentially, elevate\ntheir privileges on the system. (CVE-2014-8884, Low)\n\nRed Hat would like to thank Eric Windisch of the Docker project for\nreporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and\nRobert \u015awi\u0119cki for reporting CVE-2014-7825 and CVE-2014-7826.\n\nThis update also fixes several hundred bugs and adds numerous enhancements.\nRefer to the Red Hat Enterprise Linux 7.1 Release Notes for information on\nthe most significant of these changes, and the following Knowledgebase\narticle for further information: https://access.redhat.com/articles/1352803\n\nAll Red Hat Enterprise Linux 7 users are advised to install these updated\npackages, which correct these issues and add these enhancements. The system\nmust be rebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/001606.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0290.html", "published": "2015-03-17T13:28:28", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/001606.html", "cvelist": ["CVE-2014-3940", "CVE-2014-7825", "CVE-2014-8160", "CVE-2015-0274", "CVE-2014-8173", "CVE-2014-8709", "CVE-2014-8884", "CVE-2014-3690", "CVE-2014-8172", "CVE-2014-8086", "CVE-2014-7826"], "lastseen": "2017-10-03T18:25:08"}, {"id": "CESA-2016:0855", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2016:0855\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate)\n\n* It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate)\n\n* A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)\n\n* It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system. (CVE-2015-8215, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system. (CVE-2015-8543, Moderate)\n\n* It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)\n\n* A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system. (CVE-2015-7509, Low)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system. (CVE-2015-8324, Low)\n\nRed Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and Dmitriy Monakhov (OpenVZ) for reporting CVE-2015-8324. The CVE-2015-5156 issue was discovered by Jason Wang (Red Hat).\n\nAdditional Changes:\n\n* Refer to Red Hat Enterprise Linux 6.8 Release Notes for information on new kernel features and known issues, and Red Hat Enterprise Linux Technical Notes for information on device driver updates, important changes to external kernel parameters, notable bug fixes, and technology previews. Both of these documents are linked to in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-May/002855.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0855.html", "published": "2016-05-16T10:16:52", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2016-May/002855.html", "cvelist": ["CVE-2010-5313", "CVE-2014-8134", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-5156", "CVE-2015-8543", "CVE-2013-4312", "CVE-2016-3841", "CVE-2014-7842"], "lastseen": "2017-10-03T18:26:53"}, {"id": "CESA-2015:2152", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:2152\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n* A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n* It was found that reporting emulation failures to user space could lead\nto either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of\nservice. In the case of a local denial of service, an attacker must have\naccess to the MMIO area or be able to access an I/O port. (CVE-2010-5313,\nCVE-2014-7842, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM subsystem handled\nnon-canonical addresses when emulating instructions that change the RIP\n(for example, branches or calls). A guest user with access to an I/O or\nMMIO region could use this flaw to crash the guest. (CVE-2014-3647,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker could use this flaw to lock up the system. (CVE-2014-8171,\nModerate)\n\n* A race condition flaw was found between the chown and execve system\ncalls. A local, unprivileged user could potentially use this flaw to\nescalate their privileges on the system. (CVE-2015-3339, Moderate)\n\n* A flaw was discovered in the way the Linux kernel's TTY subsystem handled\nthe tty shutdown phase. A local, unprivileged user could use this flaw to\ncause a denial of service on the system. (CVE-2015-4170, Moderate)\n\n* A NULL pointer dereference flaw was found in the SCTP implementation.\nA local user could use this flaw to cause a denial of service on the system\nby triggering a kernel panic when creating multiple sockets in parallel\nwhile the system did not have the SCTP module loaded. (CVE-2015-5283,\nModerate)\n\n* A flaw was found in the way the Linux kernel's perf subsystem retrieved\nuserlevel stack traces on PowerPC systems. A local, unprivileged user could\nuse this flaw to cause a denial of service on the system. (CVE-2015-6526,\nModerate)\n\n* A flaw was found in the way the Linux kernel's Crypto subsystem handled\nautomatic loading of kernel modules. A local user could use this flaw to\nload any installed kernel module, and thus increase the attack surface of\nthe running kernel. (CVE-2013-7421, CVE-2014-9644, Low)\n\n* An information leak flaw was found in the way the Linux kernel changed\ncertain segment registers and thread-local storage (TLS) during a context\nswitch. A local, unprivileged user could use this flaw to leak the user\nspace TLS base address of an arbitrary process. (CVE-2014-9419, Low)\n\n* It was found that the Linux kernel KVM subsystem's sysenter instruction\nemulation was not sufficient. An unprivileged guest user could use this\nflaw to escalate their privileges by tricking the hypervisor to emulate a\nSYSENTER instruction in 16-bit mode, if the guest OS did not initialize the\nSYSENTER model-specific registers (MSRs). Note: Certified guest operating\nsystems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER\nMSRs and are thus not vulnerable to this issue when running on a KVM\nhypervisor. (CVE-2015-0239, Low)\n\n* A flaw was found in the way the Linux kernel handled the securelevel\nfunctionality after performing a kexec operation. A local attacker could\nuse this flaw to bypass the security mechanism of the\nsecurelevel/secureboot combination. (CVE-2015-7837, Low)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002347.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2152.html", "published": "2015-11-30T19:36:22", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/002347.html", "cvelist": ["CVE-2014-9644", "CVE-2015-4170", "CVE-2010-5313", "CVE-2015-2925", "CVE-2015-8215", "CVE-2015-3288", "CVE-2015-7553", "CVE-2015-3339", "CVE-2014-3647", "CVE-2016-0774", "CVE-2015-6526", "CVE-2015-7613", "CVE-2015-0239", "CVE-2013-7421", "CVE-2015-7837", "CVE-2015-5283", "CVE-2014-8171", "CVE-2014-9419", "CVE-2014-7842"], "lastseen": "2017-10-16T06:03:58"}], "ubuntu": [{"id": "USN-2444-1", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "description": "Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825)\n\nA null pointer dereference flaw was discovered in the the Linux kernel\u2019s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)", "published": "2014-12-12T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2444-1/", "cvelist": ["CVE-2014-7825", "CVE-2014-7841", "CVE-2014-8884", "CVE-2014-7826"], "lastseen": "2018-03-29T18:17:52"}, {"id": "USN-2466-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "A null pointer dereference flaw was discovered in the the Linux kernel\u2019s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)", "published": "2015-01-13T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2466-1/", "cvelist": ["CVE-2014-7841", "CVE-2014-7843", "CVE-2014-8884", "CVE-2014-7842"], "lastseen": "2018-03-29T18:21:22"}, {"id": "USN-2465-1", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "description": "A null pointer dereference flaw was discovered in the the Linux kernel\u2019s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)", "published": "2015-01-13T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2465-1/", "cvelist": ["CVE-2014-7841", "CVE-2014-7843", "CVE-2014-8884", "CVE-2014-7842"], "lastseen": "2018-03-29T18:20:22"}, {"id": "USN-2468-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "A null pointer dereference flaw was discovered in the the Linux kernel\u2019s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)", "published": "2015-01-13T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2468-1/", "cvelist": ["CVE-2014-7841", "CVE-2014-7843", "CVE-2014-8884", "CVE-2014-7842"], "lastseen": "2018-03-29T18:20:07"}, {"id": "USN-2442-1", "type": "ubuntu", "title": "Linux kernel (EC2) vulnerabilities", "description": "An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688)\n\nA null pointer dereference flaw was discovered in the the Linux kernel\u2019s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nJouni Malinen reported a flaw in the handling of fragmentation in the mac8Linux subsystem of the kernel. A remote attacker could exploit this flaw to obtain potential sensitive cleartext information by reading packets. (CVE-2014-8709)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090)", "published": "2014-12-12T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2442-1/", "cvelist": ["CVE-2014-8134", "CVE-2014-3673", "CVE-2014-9090", "CVE-2014-3688", "CVE-2014-7841", "CVE-2014-8709", "CVE-2014-8884", "CVE-2014-3687"], "lastseen": "2018-03-29T18:19:01"}, {"id": "USN-2443-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322)\n\nAn information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nRabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826)\n\nRabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825)\n\nA null pointer dereference flaw was discovered in the the Linux kernel\u2019s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090)", "published": "2014-12-12T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2443-1/", "cvelist": ["CVE-2014-8134", "CVE-2014-7825", "CVE-2014-9090", "CVE-2014-7841", "CVE-2014-9322", "CVE-2014-8884", "CVE-2014-7826"], "lastseen": "2018-03-29T18:21:05"}, {"id": "USN-2441-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nA flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673)\n\nA flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687)\n\nIt was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688)\n\nA null pointer dereference flaw was discovered in the the Linux kernel\u2019s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)\n\nJouni Malinen reported a flaw in the handling of fragmentation in the mac8Linux subsystem of the kernel. A remote attacker could exploit this flaw to obtain potential sensitive cleartext information by reading packets. (CVE-2014-8709)\n\nA stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090)", "published": "2014-12-12T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2441-1/", "cvelist": ["CVE-2014-8134", "CVE-2014-3673", "CVE-2014-9090", "CVE-2014-3688", "CVE-2014-7841", "CVE-2014-8709", "CVE-2014-8884", "CVE-2014-3687"], "lastseen": "2018-03-29T18:18:43"}, {"id": "USN-2463-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)", "published": "2015-01-13T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2463-1/", "cvelist": ["CVE-2014-8369", "CVE-2014-7842"], "lastseen": "2018-03-29T18:19:19"}, {"id": "USN-2464-1", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "description": "Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322)\n\nAn information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090)", "published": "2015-01-13T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2464-1/", "cvelist": ["CVE-2014-8369", "CVE-2014-8134", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-7842"], "lastseen": "2018-03-29T18:19:58"}], "debian": [{"id": "DSA-3093", "type": "debian", "title": "linux -- security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation:\n\n * [CVE-2014-7841](<https://security-tracker.debian.org/tracker/CVE-2014-7841>)\n\nLiu Wei of Red Hat discovered that a SCTP server doing ASCONF will panic on malformed INIT chunks by triggering a NULL pointer dereference.\n\n * [CVE-2014-8369](<https://security-tracker.debian.org/tracker/CVE-2014-8369>)\n\nA flaw was discovered in the way iommu mapping failures were handled in the kvm_iommu_map_pages() function in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS.\n\n * [CVE-2014-8884](<https://security-tracker.debian.org/tracker/CVE-2014-8884>)\n\nA stack-based buffer overflow flaw was discovered in the TechnoTrend/Hauppauge DEC USB driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges.\n\n * [CVE-2014-9090](<https://security-tracker.debian.org/tracker/CVE-2014-9090>)\n\nAndy Lutomirski discovered that the do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic).\n\nFor the stable distribution (wheezy), these problems have been fixed in version 3.2.63-2+deb7u2. This update also includes fixes for regressions introduced by previous updates.\n\nFor the unstable distribution (sid), these problems will be fixed soon in version 3.16.7-ckt2-1.\n\nWe recommend that you upgrade your linux packages.", "published": "2014-12-08T00:00:00", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3093", "cvelist": ["CVE-2014-8369", "CVE-2014-9090", "CVE-2014-7841", "CVE-2014-8884"], "lastseen": "2018-01-08T04:53:45"}, {"id": "DLA-118", "type": "debian", "title": "linux-2.6 -- LTS security update", "description": "Non-maintainer upload by the Squeeze LTS and Kernel Teams.\n\nNew upstream stable release 2.6.32.65, see <http://lkml.org/lkml/2014/12/13/81> for more information.\n\nThe stable release 2.6.32.65 includes the following new commits compared to the previous 2.6.32-48squeeze9 package:\n\n * USB: whiteheat: Added bounds checking for bulk command response ([CVE-2014-3185](<https://security-tracker.debian.org/tracker/CVE-2014-3185>))\n * net: sctp: fix panic on duplicate ASCONF chunks ([CVE-2014-3687](<https://security-tracker.debian.org/tracker/CVE-2014-3687>))\n * net: sctp: fix remote memory pressure from excessive queueing ([CVE-2014-3688](<https://security-tracker.debian.org/tracker/CVE-2014-3688>))\n * udf: Avoid infinite loop when processing indirect ICBs ([CVE-2014-6410](<https://security-tracker.debian.org/tracker/CVE-2014-6410>))\n * net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet ([CVE-2014-7841](<https://security-tracker.debian.org/tracker/CVE-2014-7841>))\n * mac80211: fix fragmentation code, particularly for encryption ([CVE-2014-8709](<https://security-tracker.debian.org/tracker/CVE-2014-8709>))\n * ttusb-dec: buffer overflow in ioctl ([CVE-2014-8884](<https://security-tracker.debian.org/tracker/CVE-2014-8884>))\n\nWe recommend that you upgrade your linux-2.6 packages.\n\nWe apologize for a minor cosmetic glitch:\n\nThe following commits were already included in 2.6.32-48squeeze9 despite claims in debian/changelog they were only fixed in 2.6.32-48squeez10:\n\n * vlan: Don't propagate flag changes on down interfaces.\n * sctp: Fix double-free introduced by bad backport in 2.6.32.62\n * md/raid6: Fix misapplied backport in 2.6.32.64\n * block: add missing blk_queue_dead() checks\n * block: Fix blk_execute_rq_nowait() dead queue handling\n * proc connector: Delete spurious memset in proc_exit_connector()", "published": "2014-12-21T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/2014/dla-118", "cvelist": ["CVE-2014-3688", "CVE-2014-7841", "CVE-2014-8709", "CVE-2014-3185", "CVE-2014-8884", "CVE-2014-6410", "CVE-2014-3687"], "lastseen": "2016-09-02T12:56:54"}], "amazon": [{"id": "ALAS-2014-455", "type": "amazon", "title": "Medium: kernel", "description": "**Issue Overview:**\n\nThe sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. ([CVE-2014-7841 __](<https://access.redhat.com/security/cve/CVE-2014-7841>))\n\nThe pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. ([CVE-2014-7970 __](<https://access.redhat.com/security/cve/CVE-2014-7970>))\n\nThe do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. ([CVE-2014-9090 __](<https://access.redhat.com/security/cve/CVE-2014-9090>))\n\nA flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. ([CVE-2014-9322 __](<https://access.redhat.com/security/cve/CVE-2014-9322>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum clean all_ followed by _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n**New Packages:**\n \n \n i686: \n kernel-3.14.26-24.46.amzn1.i686 \n kernel-debuginfo-3.14.26-24.46.amzn1.i686 \n perf-debuginfo-3.14.26-24.46.amzn1.i686 \n kernel-devel-3.14.26-24.46.amzn1.i686 \n kernel-tools-devel-3.14.26-24.46.amzn1.i686 \n kernel-debuginfo-common-i686-3.14.26-24.46.amzn1.i686 \n kernel-tools-3.14.26-24.46.amzn1.i686 \n perf-3.14.26-24.46.amzn1.i686 \n kernel-headers-3.14.26-24.46.amzn1.i686 \n kernel-tools-debuginfo-3.14.26-24.46.amzn1.i686 \n \n noarch: \n kernel-doc-3.14.26-24.46.amzn1.noarch \n \n src: \n kernel-3.14.26-24.46.amzn1.src \n \n x86_64: \n kernel-headers-3.14.26-24.46.amzn1.x86_64 \n kernel-devel-3.14.26-24.46.amzn1.x86_64 \n kernel-tools-debuginfo-3.14.26-24.46.amzn1.x86_64 \n kernel-tools-devel-3.14.26-24.46.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-3.14.26-24.46.amzn1.x86_64 \n kernel-tools-3.14.26-24.46.amzn1.x86_64 \n perf-3.14.26-24.46.amzn1.x86_64 \n kernel-debuginfo-3.14.26-24.46.amzn1.x86_64 \n kernel-3.14.26-24.46.amzn1.x86_64 \n perf-debuginfo-3.14.26-24.46.amzn1.x86_64 \n \n \n", "published": "2014-12-03T22:27:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2014-455.html", "cvelist": ["CVE-2014-9090", "CVE-2014-7841", "CVE-2014-9322", "CVE-2014-7970"], "lastseen": "2016-09-28T21:03:56"}], "suse": [{"id": "OPENSUSE-SU-2014:1678-1", "type": "suse", "title": "Security update for Linux Kernel (important)", "description": "The openSUSE 13.2 kernel was updated to version 3.16.7.\n\n These security issues were fixed:\n - CVE-2014-9322: A local privilege escalation in the x86_64 32bit\n compatibility signal handling was fixed, which could be used by local\n attackers to crash the machine or execute code. (bnc#910251)\n - CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c\n in the Linux kernel did not properly handle faults associated with the\n Stack Segment (SS) segment register, which allowed local users to cause\n a denial of service (panic) via a modify_ldt system call, as\n demonstrated by sigreturn_32 in the linux-clock-tests test suite.\n (bnc#907818)\n - CVE-2014-8133: Insufficient validation of TLS register usage could leak\n information from the kernel stack to userspace. (bnc#909077)\n - CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c\n and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349).\n - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n through 3.17.2 allowed remote attackers to cause a denial of service\n (panic) via duplicate ASCONF chunks that triggered an incorrect uncork\n within the side-effect interpreter (bnc#902349).\n - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4\n allowed remote attackers to cause a denial of service (memory\n consumption) by triggering a large number of chunks in an association's\n output queue, as demonstrated by ASCONF probes, related to\n net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through\n 3.17.2 did not properly handle private syscall numbers during use of the\n ftrace subsystem, which allowed local users to gain privileges or cause\n a denial of service (invalid pointer dereference) via a crafted\n application (bnc#904013).\n - CVE-2014-7841: The sctp_process_param function in\n net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel\n before 3.17.4, when ASCONF is used, allowed remote attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a\n malformed INIT chunk (bnc#905100).\n\n These non-security issues were fixed:\n - ahci: Check and set 64-bit DMA mask for platform AHCI driver\n (bnc#902632).\n - ahci/xgene: Remove logic to set 64-bit DMA mask (bnc#902632).\n - ahci_xgene: Skip the PHY and clock initialization if already configured\n by the firmware (bnc#902632).\n - ALSA: hda - Add mute LED control for Lenovo Ideapad Z560 (bnc#665315).\n - ALSA: hda/realtek - Add alc_update_coef*_idx() helper (bnc#905068).\n - ALSA: hda/realtek - Change EAPD to verb control (bnc#905068).\n - ALSA: hda/realtek - Optimize alc888_coef_init() (bnc#905068).\n - ALSA: hda/realtek - Restore default value for ALC668 (bnc#905068).\n - ALSA: hda/realtek - Update Initial AMP for EAPD control (bnc#905068).\n - ALSA: hda/realtek - Update restore default value for ALC282 (bnc#905068).\n - ALSA: hda/realtek - Update restore default value for ALC283 (bnc#905068).\n - ALSA: hda/realtek - Use alc_write_coef_idx() in alc269_quanta_automake()\n (bnc#905068).\n - ALSA: hda/realtek - Use tables for batch COEF writes/updtes (bnc#905068).\n - ALSA: usb-audio: Do not resubmit pending URBs at MIDI error recovery.\n - arm64: Add architectural support for PCI (bnc#902632).\n - arm64: adjust el0_sync so that a function can be called (bnc#902632).\n - arm64: Do not call enable PCI resources when specify PCI_PROBE_ONLY\n (bnc#902632).\n - arm64: dts: Add X-Gene reboot driver dts node (bnc#902632).\n - arm64/efi: efistub: cover entire static mem footprint in PE/COFF .text\n (bnc#902632).\n - arm64/efi: efistub: do not abort if base of DRAM is occupied\n (bnc#902632).\n - arm64: fix bug for reloading FPSIMD state after cpu power off\n (bnc#902632).\n - arm64: fix VTTBR_BADDR_MASK (bnc#902632).\n - arm64: fpsimd: fix a typo in fpsimd_save_partial_state ENDPROC\n (bnc#902632).\n - arm64/mustang: Disable sgenet and xgenet (bnc#902632).\n - arm64: Select reboot driver for X-Gene platform (bnc#902632).\n - arm: Add APM Mustang network driver (bnc#902632).\n - arm/arm64: KVM: Fix and refactor unmap_range (bnc#902632).\n - arm: Define PCI_IOBASE as the base of virtual PCI IO space (bnc#902632).\n - asm-generic/io.h: Fix ioport_map() for !CONFIG_GENERIC_IOMAP\n (bnc#902632).\n - ax88179_178a: fix bonding failure (bsc#908253).\n - btrfs: Fix and enhance merge_extent_mapping() to insert best fitted\n extent map.\n - btrfs: fix crash of btrfs_release_extent_buffer_page.\n - btrfs: fix invalid leaf slot access in btrfs_lookup_extent().\n - btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup.\n - btrfs: fix lockups from btrfs_clear_path_blocking.\n - btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent\n items.\n - btrfs: Fix the wrong condition judgment about subset extent map.\n - btrfs: fix wrong accounting of raid1 data profile in statfs.\n - btrfs: send, do not delay dir move if there is a new parent inode.\n - config: armv7hl: Disable CONFIG_USB_MUSB_TUSB6010 (bnc#906914).\n - cpufreq: arm_big_little: fix module license spec (bnc#902632).\n - Delete patches.rpmify/chipidea-clean-up-dependencies (bnc#903986).\n - Disable Exynos cpufreq modules.\n - drivers/net/fddi/skfp/h/skfbi.h: Remove useless PCI_BASE_2ND macros\n (bnc#902632).\n - drm/i915: Keep vblank interrupts enabled while enabling/disabling planes\n (bnc#904097).\n - drm: Implement O_NONBLOCK support on /dev/dri/cardN (bnc#904097).\n - drm/nv50/disp: fix dpms regression on certain boards (bnc#902728).\n - drm/radeon: add locking around atombios scratch space usage (bnc#904932).\n - drm/radeon: add missing crtc unlock when setting up the MC (bnc#904932).\n - drm/radeon/dpm: disable ulv support on SI (bnc#904932).\n - drm/radeon: fix endian swapping in vbios fetch for tdp table\n (bnc#904932).\n - drm/radeon: fix speaker allocation setup (bnc#904932).\n - drm/radeon: initialize sadb to NULL in the audio code (bnc#904932).\n - drm/radeon: make sure mode init is complete in bandwidth_update\n (bnc#904932).\n - drm/radeon: report disconnected for LVDS/eDP with PX if ddc fails\n (bnc#904417).\n - drm/radeon: set correct CE ram size for CIK (bnc#904932).\n - drm/radeon: Use drm_malloc_ab instead of kmalloc_array (bnc#904932).\n - drm/radeon: use gart for DMA IB tests (bnc#904932).\n - drm/radeon: use gart memory for DMA ring tests (bnc#904932).\n - drm/tilcdc: Fix the error path in tilcdc_load() (bko#86071).\n - hp_accel: Add support for HP ZBook 15 (bnc#905329).\n - ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling (bnc#904289).\n - Input: i8042 - also set the firmware id for MUXed ports (bnc#897112).\n - Input: psmouse - add psmouse_matches_pnp_id helper function (bnc#897112).\n - Input: psmouse - add support for detecting FocalTech PS/2 touchpads\n (bnc#897112).\n - Input: synaptics - add min/max quirk for Lenovo T440s (bnc#903748).\n - irqchip: gic: preserve gic V2 bypass bits in cpu ctrl register\n (bnc#902632).\n - iwlwifi: dvm: drop non VO frames when flushing (bnc#900786).\n - KEYS: Allow special keys (eg. DNS results) to be invalidated by\n CAP_SYS_ADMIN (bnc#904717).\n - KEYS: Fix stale key registration at error path (bnc#908163).\n - KEYS: Fix the size of the key description passed to/from userspace\n (bnc#904717).\n - KEYS: Increase root_maxkeys and root_maxbytes sizes (bnc#904717).\n - KEYS: request_key() should reget expired keys rather than give\n EKEYEXPIRED (bnc#904717).\n - KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags (bnc#904717).\n - KVM: ARM: Add arm,gic-400 compatible support (bnc#902632).\n - KVM: ARM: Hack to enable VGIC mapping on 64k PAGE_SIZE kernels\n (bnc#902633).\n - Limit xgbe a0 driver to arm64\n - net/xgbe: Add A0 silicon support (bnc#902632).\n - of/pci: Add pci_get_new_domain_nr() and of_get_pci_domain_nr()\n (bnc#902632).\n - of/pci: Add pci_register_io_range() and pci_pio_to_address()\n (bnc#902632).\n - of/pci: Add support for parsing PCI host bridge resources from DT\n (bnc#902632).\n - of/pci: Fix the conversion of IO ranges into IO resources (bnc#902632).\n - of/pci: Move of_pci_range_to_resource() to of/address.c (bnc#902632).\n - parport: parport_pc, do not remove parent devices early (bnc#856659).\n - PCI: Add generic domain handling (bnc#902632).\n - PCI: Add pci_remap_iospace() to map bus I/O resources (bnc#902632).\n - PCI: xgene: Add APM X-Gene PCIe driver (bnc#902632).\n - power: reset: Add generic SYSCON register mapped reset (bnc#902632).\n - power: reset: Remove X-Gene reboot driver (bnc#902632).\n - quirk for Lenovo Yoga 3: no rfkill switch (bnc#904289).\n - reiserfs: destroy allocated commit workqueue.\n - rtc: ia64: allow other architectures to use EFI RTC (bnc#902632).\n - scripts/tags.sh: Do not specify kind-spec for emacs ctags/etags.\n - scripts/tags.sh: fix DEFINE_HASHTABLE in emacs case.\n - tags.sh: Fixup regex definition for etags.\n - ttusb-dec: buffer overflow in ioctl (bnc#905739).\n - usb: Add support for Synopsis H20AHB EHCI host controller (bnc#902632).\n - usb: fix hcd h20ahb driver depends (bnc#902632).\n - usb: uvc: add a quirk for Dell XPS M1330 webcam (bnc#904539).\n - usb: uvc: Fix destruction order in uvc_delete() (bnc#897736).\n\n", "published": "2014-12-21T13:12:48", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00022.html", "cvelist": ["CVE-2014-3673", "CVE-2014-9090", "CVE-2014-3688", "CVE-2014-7841", "CVE-2014-9322", "CVE-2014-8133", "CVE-2014-7826", "CVE-2014-3687"], "lastseen": "2016-09-04T11:26:30"}, {"id": "SUSE-SU-2015:0529-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive\n various security and bugfixes.\n\n This update contains the following feature enablements:\n - The remote block device (rbd) and ceph drivers have been enabled and are\n now supported. (FATE#318350) These can be used e.g. for accessing the\n SUSE Enterprise Storage product services.\n\n - Support for Intel Select Bay trail CPUs has been added. (FATE#316038)\n\n Following security issues were fixed:\n - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c\n in the Linux kernel through 3.18.1 did not ensure that Thread Local\n Storage (TLS) descriptors were loaded before proceeding with other\n steps, which made it easier for local users to bypass the ASLR\n protection mechanism via a crafted application that reads a TLS base\n address (bnc#911326).\n\n - CVE-2014-7822: A flaw was found in the way the Linux kernels splice()\n system call validated its parameters. On certain file systems, a local,\n unprivileged user could have used this flaw to write past the maximum\n file size, and thus crash the system.\n\n - CVE-2014-8160: The connection tracking module could be bypassed if a\n specific protocol module was not loaded, e.g. allowing SCTP traffic\n while the firewall should have filtered it.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a\n length value in the Extensions Reference (ER) System Use Field, which\n allowed local users to obtain sensitive information from kernel memory\n via a crafted iso9660 image (bnc#912654).\n\n The following non-security bugs were fixed:\n - audit: Allow login in non-init namespaces (bnc#916107).\n - btrfs: avoid unnecessary switch of path locks to blocking mode.\n - btrfs: fix directory inconsistency after fsync log replay (bnc#915425).\n - btrfs: fix fsync log replay for inodes with a mix of regular refs and\n extrefs (bnc#915425).\n - btrfs: fix fsync race leading to ordered extent memory leaks\n (bnc#917128).\n - btrfs: fix fsync when extend references are added to an inode\n (bnc#915425).\n - btrfs: fix missing error handler if submiting re-read bio fails.\n - btrfs: fix race between transaction commit and empty block group removal\n (bnc#915550).\n - btrfs: fix scrub race leading to use-after-free (bnc#915456).\n - btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454).\n - btrfs: improve free space cache management and space allocation.\n - btrfs: make btrfs_search_forward return with nodes unlocked.\n - btrfs: scrub, fix sleep in atomic context (bnc#915456).\n - btrfs: unlock nodes earlier when inserting items in a btree.\n - drm/i915: On G45 enable cursor plane briefly after enabling the display\n plane (bnc#918161).\n - Fix Module.supported handling for external modules (bnc#905304).\n - keys: close race between key lookup and freeing (bnc#912202).\n - msi: also reject resource with flags all clear.\n - pci: Add ACS quirk for Emulex NICs (bug#917089).\n - pci: Add ACS quirk for Intel 10G NICs (bug#917089).\n - pci: Add ACS quirk for Solarflare SFC9120 & SFC9140 (bug#917089).\n - Refresh other Xen patches (bsc#909829).\n - Update\n patches.suse/btrfs-8177-improve-free-space-cache-management-and-space-.patc\n h (bnc#895805).\n - be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (bug#908322).\n - be2net: refactor code that checks flash file compatibility (bug#908322).\n - ceph: Add necessary clean up if invalid reply received in handle_reply()\n (bsc#918255).\n - crush: CHOOSE_LEAF -&gt; CHOOSELEAF throughout (bsc#918255).\n - crush: add SET_CHOOSE_TRIES rule step (bsc#918255).\n - crush: add note about r in recursive choose (bsc#918255).\n - crush: add set_choose_local_[fallback_]tries steps (bsc#918255).\n - crush: apply chooseleaf_tries to firstn mode too (bsc#918255).\n - crush: attempts -&gt; tries (bsc#918255).\n - crush: clarify numrep vs endpos (bsc#918255).\n - crush: eliminate CRUSH_MAX_SET result size limitation (bsc#918255).\n - crush: factor out (trivial) crush_destroy_rule() (bsc#918255).\n - crush: fix crush_choose_firstn comment (bsc#918255).\n - crush: fix some comments (bsc#918255).\n - crush: generalize descend_once (bsc#918255).\n - crush: new SET_CHOOSE_LEAF_TRIES command (bsc#918255).\n - crush: pass parent r value for indep call (bsc#918255).\n - crush: pass weight vector size to map function (bsc#918255).\n - crush: reduce scope of some local variables (bsc#918255).\n - crush: return CRUSH_ITEM_UNDEF for failed placements with indep\n (bsc#918255).\n - crush: strip firstn conditionals out of crush_choose, rename\n (bsc#918255).\n - crush: use breadth-first search for indep mode (bsc#918255).\n - crypto: drbg - panic on continuous self test error (bsc#905482).\n - dasd: List corruption in error recovery (bnc#914291, LTC#120865).\n - epoll: optimize setting task running after blocking (epoll-performance).\n - fips: We need to activate gcm(aes) in FIPS mode, RFCs 4106 and 4543\n (bsc#914126,bsc#914457).\n - fips: __driver-gcm-aes-aesni needs to be listed explicitly inside the\n testmgr.c file (bsc#914457).\n - flow_dissector: add tipc support (bnc#916513).\n - hotplug, powerpc, x86: Remove cpu_hotplug_driver_lock() (bsc#907069).\n - hyperv: Add support for vNIC hot removal.\n - kernel: incorrect clock_gettime result (bnc#914291, LTC#121184).\n - kvm: iommu: Add cond_resched to legacy device assignment code\n (bsc#898687).\n - libceph: CEPH_OSD_FLAG_* enum update (bsc#918255).\n - libceph: add ceph_kv{malloc,free}() and switch to them (bsc#918255).\n - libceph: add ceph_pg_pool_by_id() (bsc#918255).\n - libceph: all features fields must be u64 (bsc#918255).\n - libceph: dout() is missing a newline (bsc#918255).\n - libceph: factor out logic from ceph_osdc_start_request() (bsc#918255).\n - libceph: fix error handling in ceph_osdc_init() (bsc#918255).\n - libceph: follow redirect replies from osds (bsc#918255).\n - libceph: follow {read,write}_tier fields on osd request submission\n (bsc#918255).\n - libceph: introduce and start using oid abstraction (bsc#918255).\n - libceph: rename MAX_OBJ_NAME_SIZE to CEPH_MAX_OID_NAME_LEN (bsc#918255).\n - libceph: rename ceph_osd_request::r_{oloc,oid} to r_base_{oloc,oid}\n (bsc#918255).\n - libceph: replace ceph_calc_ceph_pg() with ceph_oloc_oid_to_pg()\n (bsc#918255).\n - libceph: start using oloc abstraction (bsc#918255).\n - libceph: take map_sem for read in handle_reply() (bsc#918255).\n - libceph: update ceph_features.h (bsc#918255).\n - libceph: use CEPH_MON_PORT when the specified port is 0 (bsc#918255).\n - locking/mutex: Explicitly mark task as running after wakeup (mutex\n scalability).\n - locking/osq: No need for load/acquire when acquire-polling (mutex\n scalability).\n - locking/rtmutex: Optimize setting task running after being blocked\n (mutex scalability).\n - mm/compaction: fix wrong order check in compact_finished() (VM\n Performance, bnc#904177).\n - mm/compaction: stop the isolation when we isolate enough freepage (VM\n Performance, bnc#904177).\n - mm: fix negative nr_isolated counts (VM Performance).\n - mutex-debug: Always clear owner field upon mutex_unlock() (mutex bugfix).\n - net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function\n prototypes (bsc#918255).\n - net: allow macvlans to move to net namespace (bnc#915660).\n - net:socket: set msg_namelen to 0 if msg_name is passed as NULL in msghdr\n struct from userland (bnc#900270).\n - nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484).\n - ocfs2: remove filesize checks for sync I/O journal commit (bnc#800255).\n Update references.\n - powerpc/xmon: Fix another endiannes issue in RTAS call from xmon\n (bsc#915188).\n - pvscsi: support suspend/resume (bsc#902286).\n - random: account for entropy loss due to overwrites\n (bsc#904883,bsc#904901).\n - random: allow fractional bits to be tracked (bsc#904883,bsc#904901).\n - random: statically compute poolbitshift, poolbytes, poolbits\n (bsc#904883,bsc#904901).\n - rbd: add "^A" sysfs rbd device attribute (bsc#918255).\n - rbd: add support for single-major device number allocation scheme\n (bsc#918255).\n - rbd: enable extended devt in single-major mode (bsc#918255).\n - rbd: introduce rbd_dev_header_unwatch_sync() and switch to it\n (bsc#918255).\n - rbd: rbd_device::dev_id is an int, format it as such (bsc#918255).\n - rbd: refactor rbd_init() a bit (bsc#918255).\n - rbd: switch to ida for rbd id assignments (bsc#918255).\n - rbd: tear down watch request if rbd_dev_device_setup() fails\n (bsc#918255).\n - rbd: tweak "loaded" message and module description (bsc#918255).\n - rbd: wire up is_visible() sysfs callback for rbd bus (bsc#918255).\n - rpm/kernel-binary.spec.in: Own the modules directory in the devel\n package (bnc#910322)\n - s390/dasd: fix infinite loop during format (bnc#914291, LTC#120608).\n - s390/dasd: remove unused code (bnc#914291, LTC#120608).\n - sched/Documentation: Remove unneeded word (mutex scalability).\n - sched/completion: Add lock-free checking of the blocking case (scheduler\n scalability).\n - scsifront: avoid acquiring same lock twice if ring is full.\n - scsifront: do not use bitfields for indicators modified under different\n locks.\n - swiotlb: Warn on allocation failure in swiotlb_alloc_coherent\n (bsc#905783).\n - uas: Add NO_ATA_1X for VIA VL711 devices (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X for 2 more Seagate disk enclosures (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X for Seagate devices with usb-id 0bc2:a013\n (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X quirk for Seagate (0bc2:ab20) drives\n (bnc#914254).\n - uas: Add a quirk for rejecting ATA_12 and ATA_16 commands (bnc#914254).\n - uas: Add missing le16_to_cpu calls to asm1051 / asm1053 usb-id check\n (bnc#914294).\n - uas: Add no-report-opcodes quirk (bnc#914254).\n - uas: Disable uas on ASM1051 devices (bnc#914294).\n - uas: Do not blacklist ASM1153 disk enclosures (bnc#914294).\n - uas: Use streams on upcoming 10Gbps / 3.1 USB (bnc#914464).\n - uas: disable UAS on Apricorn SATA dongles (bnc#914300).\n - usb-storage: support for more than 8 LUNs (bsc#906196).\n - x86, crash: Allocate enough low-mem when crashkernel=high (bsc#905783).\n - x86, crash: Allocate enough low-mem when crashkernel=high (bsc#905783).\n - x86, swiotlb: Try coherent allocations with __GFP_NOWARN (bsc#905783).\n - x86/hpet: Make boot_hpet_disable extern (bnc#916646).\n - x86/intel: Add quirk to disable HPET for the Baytrail platform\n (bnc#916646).\n - x86: irq: Check for valid irq descriptor\n incheck_irq_vectors_for_cpu_disable (bnc#914726).\n - x86: irq: Check for valid irq descriptor in\n check_irq_vectors_for_cpu_disable (bnc#914726).\n - xhci: Add broken-streams quirk for Fresco Logic FL1000G xhci controllers\n (bnc#914112).\n - zcrypt: Number of supported ap domains is not retrievable (bnc#914291,\n LTC#120788).\n\n", "published": "2015-03-18T22:04:55", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html", "cvelist": ["CVE-2014-7822", "CVE-2014-3673", "CVE-2014-8160", "CVE-2014-7841", "CVE-2014-8559", "CVE-2014-9584", "CVE-2014-9419", "CVE-2014-3687"], "lastseen": "2016-09-04T11:46:39"}, {"id": "SUSE-SU-2015:0068-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.31 to receive\n various security and bugfixes.\n\n Security issues fixed: CVE-2014-9322: A local privilege escalation in the\n x86_64 32bit compatibility signal handling was fixed, which could be used\n by local attackers to crash the machine or execute code.\n\n CVE-2014-9090: Various issues in LDT handling in 32bit compatibility mode\n on the x86_64 platform were fixed, where local attackers could crash the\n machine.\n\n CVE-2014-8133: Insufficient validation of TLS register usage could leak\n information from the kernel stack to userspace.\n\n CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not\n properly handle private syscall numbers during use of the ftrace\n subsystem, which allowed local users to gain privileges or cause a denial\n of service (invalid pointer dereference) via a crafted application.\n\n CVE-2014-3647: Nadav Amit reported that the KVM (Kernel Virtual Machine)\n mishandled noncanonical addresses when emulating instructions that change\n the rip (Instruction Pointer). A guest user with access to I/O or the MMIO\n could use this flaw to cause a denial of service (system crash) of the\n guest.\n\n CVE-2014-3611: A race condition flaw was found in the way the Linux\n kernel's KVM subsystem handled PIT (Programmable Interval Timer)\n emulation. A guest user who has access to the PIT I/O ports could use this\n flaw to crash the host.\n\n CVE-2014-3610: If the guest writes a noncanonical value to certain MSR\n registers, KVM will write that value to the MSR in the host context and a\n #GP will be raised leading to kernel panic. A privileged guest user could\n have used this flaw to crash the host.\n\n CVE-2014-7841: A remote attacker could have used a flaw in SCTP to crash\n the system by sending a maliciously prepared SCTP packet in order to\n trigger a NULL pointer dereference on the server.\n\n CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote\n attackers to cause a denial of service (system crash) via a malformed\n ASCONF chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c.\n\n CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback\n function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial\n Driver in the Linux kernel allowed physically proximate attackers to\n execute arbitrary code or cause a denial of service (memory corruption and\n system crash) via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with a bulk response.\n\n\n\n Bugs fixed: BTRFS:\n - btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent\n items (bnc#904077).\n - btrfs: fix invalid leaf slot access in btrfs_lookup_extent()\n (bnc#904077).\n - btrfs: avoid returning -ENOMEM in convert_extent_bit() too early\n (bnc#902016).\n - btrfs: make find_first_extent_bit be able to cache any state\n (bnc#902016).\n - btrfs: deal with convert_extent_bit errors to avoid fs corruption\n (bnc#902016).\n - btrfs: be aware of btree inode write errors to avoid fs corruption\n (bnc#899551).\n - btrfs: add missing end_page_writeback on submit_extent_page failure\n (bnc#899551).\n - btrfs: fix crash of btrfs_release_extent_buffer_page (bnc#899551).\n - btrfs: ensure readers see new data after a clone operation (bnc#898234).\n - btrfs: avoid visiting all extent items when cloning a range (bnc#898234).\n - btrfs: fix clone to deal with holes when NO_HOLES feature is enabled\n (bnc#898234).\n - btrfs: make fsync work after cloning into a file (bnc#898234).\n - btrfs: fix use-after-free when cloning a trailing file hole (bnc#898234).\n - btrfs: clone, don't create invalid hole extent map (bnc#898234).\n - btrfs: limit the path size in send to PATH_MAX (bnc#897770).\n - btrfs: send, fix more issues related to directory renames (bnc#897770).\n - btrfs: send, remove dead code from __get_cur_name_and_parent\n (bnc#897770).\n - btrfs: send, account for orphan directories when building path strings\n (bnc#897770).\n - btrfs: send, avoid unnecessary inode item lookup in the btree\n (bnc#897770).\n - btrfs: send, fix incorrect ref access when using extrefs (bnc#897770).\n - btrfs: send, build path string only once in send_hole (bnc#897770).\n - btrfs: part 2, fix incremental send's decision to delay a dir\n move/rename (bnc#897770).\n - btrfs: fix incremental send's decision to delay a dir move/rename\n (bnc#897770).\n - btrfs: remove unnecessary inode generation lookup in send (bnc#897770).\n - btrfs: avoid unnecessary utimes update in incremental send (bnc#897770).\n - btrfs: fix send issuing outdated paths for utimes, chown and chmod\n (bnc#897770).\n - btrfs: fix send attempting to rmdir non-empty directories (bnc#897770).\n - btrfs: send, don't send rmdir for same target multiple times\n (bnc#897770).\n - btrfs: incremental send, fix invalid path after dir rename (bnc#897770).\n - btrfs: fix assert screwup for the pending move stuff (bnc#897770).\n - btrfs: make some tree searches in send.c more efficient (bnc#897770).\n - btrfs: use right extent item position in send when finding extent clones\n (bnc#897770).\n - btrfs: more send support for parent/child dir relationship inversion\n (bnc#897770).\n - btrfs: fix send dealing with file renames and directory moves\n (bnc#897770).\n - btrfs: add missing error check in incremental send (bnc#897770).\n - btrfs: make send's file extent item search more efficient (bnc#897770).\n - btrfs: fix infinite path build loops in incremental send (bnc#897770).\n - btrfs: send, don't delay dir move if there's a new parent inode\n (bnc#897770).\n - btrfs: add helper btrfs_fdatawrite_range (bnc#902010).\n - btrfs: correctly flush compressed data before/after direct IO\n (bnc#902010).\n - btrfs: make inode.c:compress_file_range() return void (bnc#902010).\n - btrfs: report error after failure inlining extent in compressed write\n path (bnc#902010).\n - btrfs: don't ignore compressed bio write errors (bnc#902010).\n - btrfs: make inode.c:submit_compressed_extents() return void (bnc#902010).\n - btrfs: process all async extents on compressed write failure\n (bnc#902010).\n - btrfs: don't leak pages and memory on compressed write error\n (bnc#902010).\n - btrfs: fix hang on compressed write error (bnc#902010).\n - btrfs: set page and mapping error on compressed write failure\n (bnc#902010).\n - btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup\n (bnc#904115).\n\n\n Hyper-V:\n - hyperv: Fix a bug in netvsc_send().\n - hyperv: Fix a bug in netvsc_start_xmit().\n - drivers: hv: vmbus: Enable interrupt driven flow control.\n - drivers: hv: vmbus: Properly protect calls to smp_processor_id().\n - drivers: hv: vmbus: Cleanup hv_post_message().\n - drivers: hv: vmbus: Cleanup vmbus_close_internal().\n - drivers: hv: vmbus: Fix a bug in vmbus_open().\n - drivers: hv: vmbus: Cleanup vmbus_establish_gpadl().\n - drivers: hv: vmbus: Cleanup vmbus_teardown_gpadl().\n - drivers: hv: vmbus: Cleanup vmbus_post_msg().\n - storvsc: get rid of overly verbose warning messages.\n - hyperv: NULL dereference on error.\n - hyperv: Increase the buffer length for netvsc_channel_cb().\n\n zSeries / S390:\n - s390: pass march flag to assembly files as well (bnc#903279, LTC#118177).\n - kernel: reduce function tracer overhead (bnc#903279, LTC#118177).\n - SUNRPC: Handle EPIPE in xprt_connect_status (bnc#901090).\n - SUNRPC: Ensure that we handle ENOBUFS errors correctly (bnc#901090).\n - SUNRPC: Ensure call_connect_status() deals correctly with SOFTCONN tasks\n (bnc#901090).\n - SUNRPC: Ensure that call_connect times out correctly (bnc#901090).\n - SUNRPC: Handle connect errors ECONNABORTED and EHOSTUNREACH (bnc#901090).\n - SUNRPC: Ensure xprt_connect_status handles all potential connection\n errors (bnc#901090).\n - SUNRPC: call_connect_status should recheck bind and connect status on\n error (bnc#901090).\n\n kGraft:\n - kgr: force patching process to succeed (fate#313296).\n - kgr: usb-storage, mark kthread safe (fate#313296 bnc#899908).\n - Refresh patches.suse/kgr-0039-kgr-fix-ugly-race.patch. Fix few bugs, and\n also races (immutable vs mark_processes vs other threads).\n - kgr: always use locked bit ops for thread_info->flags (fate#313296).\n - kgr: lower the workqueue scheduling timeout (fate#313296 bnc#905087).\n - kgr: mark even more kthreads (fate#313296 bnc#904871).\n - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft\n packages (bnc#901925)\n\n Other:\n - NFSv4: test SECINFO RPC_AUTH_GSS pseudoflavors for support (bnc#905758).\n\n - Enable cmac(aes) and cmac(3des_ede) for FIPS mode (bnc#905296\n bnc#905772).\n\n - scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633).\n\n - powerpc/vphn: NUMA node code expects big-endian (bsc#900126).\n\n - net: fix checksum features handling in netif_skb_features() (bnc#891259).\n\n - be2net: Fix invocation of be_close() after be_clear() (bnc#895468).\n\n - PCI: pciehp: Clear Data Link Layer State Changed during init\n (bnc#898297).\n - PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898297).\n - PCI: pciehp: Use link change notifications for hot-plug and removal\n (bnc#898297).\n - PCI: pciehp: Make check_link_active() non-static (bnc#898297).\n - PCI: pciehp: Enable link state change notifications (bnc#898297).\n\n - ALSA: hda - Treat zero connection as non-error (bnc#902898).\n\n - bcache: add mutex lock for bch_is_open (bnc#902893).\n\n - futex: Fix a race condition between REQUEUE_PI and task death (bcn\n #851603 (futex scalability series)).\n\n - Linux 3.12.31 (bnc#895983 bnc#897912).\n\n - futex: Ensure get_futex_key_refs() always implies a barrier (bcn #851603\n (futex scalability series)).\n\n - usbback: don't access request fields in shared ring more than once.\n - Update Xen patches to 3.12.30.\n\n - locking/rwsem: Avoid double checking before try acquiring write lock\n (Locking scalability.).\n\n - zcrypt: toleration of new crypto adapter hardware (bnc#894057,\n LTC#117041).\n - zcrypt: support for extended number of ap domains (bnc#894057,\n LTC#117041).\n\n - kABI: protect linux/fs.h include in mm/internal.h.\n\n - Linux 3.12.30 (FATE#315482 bnc#862957 bnc#863526 bnc#870498).\n\n - Update patches.fixes/xfs-mark-all-internal-workqueues-as-freezable.patch\n (bnc#899785).\n\n - xfs: mark all internal workqueues as freezable.\n\n - drm/i915: Move DP port disable to post_disable for pch platforms\n (bnc#899787).\n\n - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim\n fix (bnc#895680).\n\n - Linux 3.12.29 (bnc#879255 bnc#880892 bnc#887046 bnc#887418 bnc#891619\n bnc#892612 bnc#892650 bnc#897101).\n\n - iommu/vt-d: Work around broken RMRR firmware entries (bnc#892860).\n - iommu/vt-d: Store bus information in RMRR PCI device path (bnc#892860).\n - iommu/vt-d: Only remove domain when device is removed (bnc#883139).\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#883139).\n\n - Update config files: Re-enable CONFIG_FUNCTION_PROFILER (bnc#899489)\n Option FUNCTION_PROFILER was enabled in debug and trace kernels so far,\n but it was accidentally disabled before tracing features were merged\n into the default kernel and the trace flavor was discarded. So all\n kernels are missing the feature now. Re-enable it.\n\n - xfs: xlog_cil_force_lsn doesn't always wait correctly.\n\n - scsi: clear 'host_scribble' upon successful abort (bnc#894863).\n\n - module: warn if module init + probe takes long (bnc#889297 bnc#877622\n bnc#889295 bnc#893454).\n\n - mm, THP: don't hold mmap_sem in khugepaged when allocating THP\n (bnc#880767, VM Performance).\n\n - pagecache_limit: batch large nr_to_scan targets (bnc#895221).\n\n - iommu/vt-d: Check return value of acpi_bus_get_device() (bnc#903307).\n\n - rpm/kernel-binary.spec.in: Fix including the secure boot cert in\n /etc/uefi/certs\n\n - sched: Reduce contention in update_cfs_rq_blocked_load() (Scheduler/core\n performance).\n\n - x86: use optimized ioresource lookup in ioremap function (Boot time\n optimisations (bnc#895387)).\n - x86: optimize resource lookups for ioremap (Boot time\n optimisations (bnc#895387)).\n\n - usb: Do not re-read descriptors for wired devices in\n usb_authorize_device() (bnc#904354).\n\n - netxen: Fix link event handling (bnc#873228).\n\n - x86, cpu: Detect more TLB configuration -xen (TLB Performance).\n\n - x86/mm: Fix RCU splat from new TLB tracepoints (TLB Performance).\n - x86/mm: Set TLB flush tunable to sane value (33) (TLB Performance).\n - x86/mm: New tunable for single vs full TLB flush (TLB Performance).\n - x86/mm: Add tracepoints for TLB flushes (TLB Performance).\n - x86/mm: Unify remote INVLPG code (TLB Performance).\n - x86/mm: Fix missed global TLB flush stat (TLB Performance).\n - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing (TLB\n Performance).\n - x86, cpu: Detect more TLB configuration (TLB Performance).\n - mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on\n IvyBridge (TLB Performance).\n - x86/mm: Clean up the TLB flushing code (TLB Performance).\n - mm: free compound page with correct order (VM Functionality).\n\n - bnx2x: Utilize FW 7.10.51 (bnc#887382).\n - bnx2x: Remove unnecessary internal mem config (bnc#887382).\n\n - rtnetlink: fix oops in rtnl_link_get_slave_info_data_size (bnc#901774).\n\n - dm: do not call dm_sync_table() when creating new devices (bnc#901809).\n\n - [media] uvc: Fix destruction order in uvc_delete() (bnc#897736).\n\n - uas: replace WARN_ON_ONCE() with lockdep_assert_held() (FATE#315595).\n\n - cxgb4/cxgb4vf: Add Devicde ID for two more adapter (bsc#903999).\n - cxgb4/cxgb4vf: Add device ID for new adapter and remove for dbg adapter\n (bsc#903999).\n - cxgb4: Adds device ID for few more Chelsio T4 Adapters (bsc#903999).\n - cxgb4: Check if rx checksum offload is enabled, while reading hardware\n calculated checksum (bsc#903999).\n\n - xen-pciback: drop SR-IOV VFs when PF driver unloads (bsc#901839).\n\n This update also includes fixes contained in the Linux 3.12.stable release\n series, not seperately listed here.\n\n", "published": "2015-01-16T14:05:04", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00011.html", "cvelist": ["CVE-2014-3673", "CVE-2014-9090", "CVE-2014-7841", "CVE-2014-3611", "CVE-2014-3647", "CVE-2014-3610", "CVE-2014-9322", "CVE-2014-3185", "CVE-2013-6405", "CVE-2014-8133", "CVE-2014-7826"], "lastseen": "2016-09-04T11:42:33"}, {"id": "SUSE-SU-2015:0652-1", "type": "suse", "title": "Security update for Linux kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to fix\n security issues on kernels on the x86_64 architecture.\n\n The following security bugs have been fixed:\n\n * CVE-2013-4299: Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6\n allowed remote authenticated users to obtain sensitive information\n or modify data via a crafted mapping to a snapshot block device\n (bnc#846404).\n * CVE-2014-8160: SCTP firewalling failed until the SCTP module was\n loaded (bnc#913059).\n * CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a\n length value in the Extensions Reference (ER) System Use Field,\n which allowed local users to obtain sensitive information from\n kernel memory via a crafted iso9660 image (bnc#912654).\n * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel through 3.18.2 did not properly choose memory locations\n for the vDSO area, which made it easier for local users to bypass\n the ASLR protection mechanism by guessing a location at the end of a\n PMD (bnc#912705).\n * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel through 3.18.1 did not restrict the number of Rock\n Ridge continuation entries, which allowed local users to cause a\n denial of service (infinite loop, and system crash or hang) via a\n crafted iso9660 image (bnc#911325).\n * CVE-2014-0181: The Netlink implementation in the Linux kernel\n through 3.14.1 did not provide a mechanism for authorizing socket\n operations based on the opener of a socket, which allowed local\n users to bypass intended access restrictions and modify network\n configurations by using a Netlink socket for the (1) stdout or (2)\n stderr of a setuid program (bnc#875051).\n * CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 2.6.38 allowed L2 guest OS users to cause a denial of\n service (L1 guest OS crash) via a crafted instruction that triggers\n an L2 emulation failure report, a similar issue to CVE-2014-7842\n (bnc#907822).\n * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 3.17.4 allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application that performs an\n MMIO transaction or a PIO transaction to trigger a guest userspace\n emulation error report, a similar issue to CVE-2010-5313\n (bnc#905312).\n * CVE-2014-3688: The SCTP implementation in the Linux kernel before\n 3.17.4 allowed remote attackers to cause a denial of service (memory\n consumption) by triggering a large number of chunks in an\n associations output queue, as demonstrated by ASCONF probes, related\n to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n through 3.17.2 allowed remote attackers to cause a denial of service\n (panic) via duplicate ASCONF chunks that trigger an incorrect uncork\n within the side-effect interpreter (bnc#902349).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).\n * CVE-2014-7841: The sctp_process_param function in\n net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux\n kernel before 3.17.4, when ASCONF is used, allowed remote attackers\n to cause a denial of service (NULL pointer dereference and system\n crash) via a malformed INIT chunk (bnc#905100).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updated certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#857643).\n * CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in\n the Linux kernel before 3.5.7 did not ensure that a keepalive action\n is associated with a stream socket, which allowed local users to\n cause a denial of service (system crash) by leveraging the ability\n to create a raw socket (bnc#896779).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 might allow physically proximate\n attackers to cause a denial of service (out-of-bounds write) via a\n crafted device that provides a small report descriptor, related to\n (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\n drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n\n The following non-security bugs have been fixed:\n\n * KVM: SVM: Make Use of the generic guest-mode functions (bnc#907822).\n * KVM: inject #UD if instruction emulation fails and exit to userspace\n (bnc#907822).\n * block: Fix bogus partition statistics reports (bnc#885077\n bnc#891211).\n * block: skip request queue cleanup if no elevator is assigned\n (bnc#899338).\n * isofs: Fix unchecked printing of ER records.\n * Re-enable nested-spinlocks-backport patch for xen (bnc#908870).\n * time, ntp: Do not update time_state in middle of leap second\n (bnc#912916).\n * timekeeping: Avoid possible deadlock from clock_was_set_delayed\n (bnc#771619, bnc#915335).\n * udf: Check component length before reading it.\n * udf: Check path length when reading symlink.\n * udf: Verify i_size when loading inode.\n * udf: Verify symlink size before loading it.\n * vt: prevent race between modifying and reading unicode map\n (bnc#915826).\n * writeback: Do not sync data dirtied after sync start (bnc#833820).\n * xfs: Avoid blocking on inode flush in background inode reclaim\n (bnc#892235).\n\n Security Issues:\n\n * CVE-2010-5313\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5313\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5313</a>>\n * CVE-2012-6657\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657</a>>\n * CVE-2013-4299\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-0181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n * CVE-2014-3687\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687</a>>\n * CVE-2014-3688\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-7842\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842</a>>\n * CVE-2014-8160\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-9420\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420</a>>\n * CVE-2014-9584\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584</a>>\n * CVE-2014-9585\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585</a>>\n", "published": "2015-04-02T02:06:32", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html", "cvelist": ["CVE-2010-5313", "CVE-2014-9420", "CVE-2014-3673", "CVE-2014-3688", "CVE-2014-8160", "CVE-2014-7841", "CVE-2014-8709", "CVE-2014-3185", "CVE-2014-9584", "CVE-2013-7263", "CVE-2014-0181", "CVE-2012-6657", "CVE-2014-7842", "CVE-2014-9585", "CVE-2013-4299", "CVE-2014-3184", "CVE-2014-3687"], "lastseen": "2016-09-04T11:57:20"}, {"id": "SUSE-SU-2014:1693-1", "type": "suse", "title": "Security update for Linux kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix\n various bugs and security issues.\n\n The following security bugs have been fixed:\n\n * CVE-2012-4398: The __request_module function in kernel/kmod.c in the\n Linux kernel before 3.4 did not set a certain killable attribute,\n which allowed local users to cause a denial of service (memory\n consumption) via a crafted application (bnc#779488).\n * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate\n attackers to cause a denial of service (heap-based out-of-bounds\n write) via a crafted device (bnc#835839).\n * CVE-2013-2893: The Human Interface Device (HID) subsystem in the\n Linux kernel through 3.11, when CONFIG_LOGITECH_FF,\n CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed\n physically proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted device, related to\n (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3)\n drivers/hid/hid-lg4ff.c (bnc#835839).\n * CVE-2013-2897: Multiple array index errors in\n drivers/hid/hid-multitouch.c in the Human Interface Device (HID)\n subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate\n attackers to cause a denial of service (heap memory corruption, or\n NULL pointer dereference and OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface\n Device (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PICOLCD is enabled, allowed physically proximate\n attackers to cause a denial of service (NULL pointer dereference and\n OOPS) via a crafted device (bnc#835839).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#853040, bnc#857643).\n * CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the\n Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed\n physically proximate attackers to cause a denial of service (system\n crash) or possibly execute arbitrary code via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n an event (bnc#896382).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to cause a denial of service (out-of-bounds write) via a\n crafted device that provides a small report descriptor, related to\n (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\n drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in\n the Linux kernel through 3.16.3, as used in Android on Nexus 7\n devices, allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code via a\n crafted device that sends a large report (bnc#896392).\n * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.16.1 miscalculated the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to (1) cause a denial of service (host OS memory corruption)\n or possibly have unspecified other impact by triggering a large gfn\n value or (2) cause a denial of service (host OS memory consumption)\n by triggering a small gfn value that leads to permanently pinned\n pages (bnc#892782).\n * CVE-2014-3610: The WRMSR processing functionality in the KVM\n subsystem in the Linux kernel through 3.17.2 did not properly handle\n the writing of a non-canonical address to a model-specific register,\n which allowed guest OS users to cause a denial of service (host OS\n crash) by leveraging guest OS privileges, related to the\n wrmsr_interception function in arch/x86/kvm/svm.c and the\n handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).\n * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel through 3.17.2 did not have an exit handler for the INVVPID\n instruction, which allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application (bnc#899192).\n * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the\n Linux kernel through 3.17.2 did not properly perform RIP changes,\n which allowed guest OS users to cause a denial of service (guest OS\n crash) via a crafted application (bnc#899192).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346,\n bnc#902349).\n * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel\n through 3.15.1 on 32-bit x86 platforms, when syscall auditing is\n enabled and the sep CPU feature flag is set, allowed local users to\n cause a denial of service (OOPS and system crash) via an invalid\n syscall number, as demonstrated by number 1000 (bnc#883724).\n * CVE-2014-4608: * DISPUTED * Multiple integer overflows in the\n lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in\n the LZO decompressor in the Linux kernel before 3.15.2 allowed\n context-dependent attackers to cause a denial of service (memory\n corruption) via a crafted Literal Run. NOTE: the author of the LZO\n algorithms says: The Linux kernel is not affected; media hype\n (bnc#883948).\n * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel\n through 3.17.2 did not properly handle private syscall numbers\n during use of the ftrace subsystem, which allowed local users to\n gain privileges or cause a denial of service (invalid pointer\n dereference) via a crafted application (bnc#904013).\n * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed\n INIT ping-of-death (bnc#905100).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2014-8884: A local user with write access could have used this\n flaw to crash the kernel or elevate privileges (bnc#905522).\n\n The following non-security bugs have been fixed:\n\n * Build the KOTD against the SP3 Update project\n * HID: fix kabi breakage.\n * NFS: Provide stub nfs_fscache_wait_on_invalidate() for when\n CONFIG_NFS_FSCACHE=n.\n * NFS: fix inverted test for delegation in nfs4_reclaim_open_state\n (bnc#903331).\n * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331).\n * NFSv4: nfs4_open_done first must check that GETATTR decoded a file\n type (bnc#899574).\n * PCI: pciehp: Clear Data Link Layer State Changed during init\n (bnc#898295).\n * PCI: pciehp: Enable link state change notifications (bnc#898295).\n * PCI: pciehp: Handle push button event asynchronously (bnc#898295).\n * PCI: pciehp: Make check_link_active() non-static (bnc#898295).\n * PCI: pciehp: Use link change notifications for hot-plug and removal\n (bnc#898295).\n * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295).\n * PCI: pciehp: Use symbolic constants, not hard-coded bitmask\n (bnc#898295).\n * PM / hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * be2net: Fix invocation of be_close() after be_clear() (bnc#895468).\n * block: Fix bogus partition statistics reports (bnc#885077\n bnc#891211).\n * block: Fix computation of merged request priority.\n * btrfs: Fix wrong device size when we are resizing the device.\n * btrfs: Return right extent when fiemap gives unaligned offset and\n len.\n * btrfs: abtract out range locking in clone ioctl().\n * btrfs: always choose work from prio_head first.\n * btrfs: balance delayed inode updates.\n * btrfs: cache extent states in defrag code path.\n * btrfs: check file extent type before anything else (bnc#897694).\n * btrfs: clone, do not create invalid hole extent map.\n * btrfs: correctly determine if blocks are shared in\n btrfs_compare_trees.\n * btrfs: do not bug_on if we try to cow a free space cache inode.\n * btrfs: ensure btrfs_prev_leaf does not miss 1 item.\n * btrfs: ensure readers see new data after a clone operation.\n * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call.\n * btrfs: filter invalid arg for btrfs resize.\n * btrfs: fix EINVAL checks in btrfs_clone.\n * btrfs: fix EIO on reading file after ioctl clone works on it.\n * btrfs: fix a crash of clone with inline extents split.\n * btrfs: fix crash of compressed writes (bnc#898375).\n * btrfs: fix crash when starting transaction.\n * btrfs: fix deadlock with nested trans handles.\n * btrfs: fix hang on error (such as ENOSPC) when writing extent pages.\n * btrfs: fix leaf corruption after __btrfs_drop_extents.\n * btrfs: fix race between balance recovery and root deletion.\n * btrfs: fix wrong extent mapping for DirectIO.\n * btrfs: handle a missing extent for the first file extent.\n * btrfs: limit delalloc pages outside of find_delalloc_range\n (bnc#898375).\n * btrfs: read lock extent buffer while walking backrefs.\n * btrfs: remove unused wait queue in struct extent_buffer.\n * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX.\n * btrfs: replace error code from btrfs_drop_extents.\n * btrfs: unlock extent and pages on error in cow_file_range.\n * btrfs: unlock inodes in correct order in clone ioctl.\n * btrfs_ioctl_clone: Move clone code into its own function.\n * cifs: delay super block destruction until all cifsFileInfo objects\n are gone (bnc#903653).\n * drm/i915: Flush the PTEs after updating them before suspend\n (bnc#901638).\n * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638).\n * ext3: return 32/64-bit dir name hash according to usage type\n (bnc#898554).\n * ext4: return 32/64-bit dir name hash according to usage type\n (bnc#898554).\n * fix: use after free of xfs workqueues (bnc#894895).\n * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash\n (bnc#898554).\n * futex: Ensure get_futex_key_refs() always implies a barrier\n (bnc#851603 (futex scalability series)).\n * futex: Fix a race condition between REQUEUE_PI and task death\n (bnc#851603 (futex scalability series)).\n * ipv6: add support of peer address (bnc#896415).\n * ipv6: fix a refcnt leak with peer addr (bnc#896415).\n * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502).\n * mm: change __remove_pages() to call release_mem_region_adjustable()\n (bnc#891790).\n * netxen: Fix link event handling (bnc#873228).\n * netxen: fix link notification order (bnc#873228).\n * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554).\n * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554).\n * ocfs2: fix NULL pointer dereference in\n ocfs2_duplicate_clusters_by_page (bnc#899843).\n * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758).\n * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758).\n * powerpc: Add support for the optimised lockref implementation\n (bsc#893758).\n * powerpc: Implement arch_spin_is_locked() using\n arch_spin_value_unlocked() (bsc#893758).\n * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)).\n * remove filesize checks for sync I/O journal commit (bnc#800255).\n * resource: add __adjust_resource() for internal use (bnc#891790).\n * resource: add release_mem_region_adjustable() (bnc#891790).\n * revert PM / Hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * rpm/mkspec: Generate specfiles according to Factory requirements.\n * rpm/mkspec: Generate a per-architecture per-package _constraints file\n * sched: Fix unreleased llc_shared_mask bit during CPU hotplug\n (bnc#891368).\n * scsi_dh_alua: disable ALUA handling for non-disk devices\n (bnc#876633).\n * usb: Do not re-read descriptors for wired devices in\n usb_authorize_device() (bnc#904358).\n * usbback: Do not access request fields in shared ring more than once.\n * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607).\n * vfs,proc: guarantee unique inodes in /proc (bnc#868049).\n * x86, cpu hotplug: Fix stack frame warning\n incheck_irq_vectors_for_cpu_disable() (bnc#887418).\n * x86, ioremap: Speed up check for RAM pages (Boot time optimisations\n (bnc#895387)).\n * x86: Add check for number of available vectors before CPU down\n (bnc#887418).\n * x86: optimize resource lookups for ioremap (Boot time optimisations\n (bnc#895387)).\n * x86: use optimized ioresource lookup in ioremap function (Boot time\n optimisations (bnc#895387)).\n * xfs: Do not free EFIs before the EFDs are committed (bsc#755743).\n * xfs: Do not reference the EFI after it is freed (bsc#755743).\n * xfs: fix cil push sequence after log recovery (bsc#755743).\n * zcrypt: support for extended number of ap domains (bnc#894058,\n LTC#117041).\n * zcrypt: toleration of new crypto adapter hardware (bnc#894058,\n LTC#117041).\n\n Security Issues:\n\n * CVE-2012-4398\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398</a>>\n * CVE-2013-2889\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889</a>>\n * CVE-2013-2893\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893</a>>\n * CVE-2013-2897\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897</a>>\n * CVE-2013-2899\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-3181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3186\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186</a>>\n * CVE-2014-3601\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601</a>>\n * CVE-2014-3610\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610</a>>\n * CVE-2014-3646\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646</a>>\n * CVE-2014-3647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647</a>>\n * CVE-2014-4508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508</a>>\n * CVE-2014-4608\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608</a>>\n * CVE-2014-7826\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-8884\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n", "published": "2014-12-23T19:06:22", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00027.html", "cvelist": ["CVE-2014-3646", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-7841", "CVE-2014-4508", "CVE-2014-3647", "CVE-2014-3610", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-3185", "CVE-2013-2897", "CVE-2014-3601", "CVE-2014-8884", "CVE-2013-2899", "CVE-2014-4608", "CVE-2013-7263", "CVE-2012-4398", "CVE-2014-7826", "CVE-2013-2889", "CVE-2013-2893", "CVE-2014-3184"], "lastseen": "2016-09-04T12:10:59"}, {"id": "SUSE-SU-2014:1693-2", "type": "suse", "title": "Security update for Linux kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix\n various bugs and security issues.\n\n The following security bugs have been fixed:\n\n * CVE-2012-4398: The __request_module function in kernel/kmod.c in the\n Linux kernel before 3.4 did not set a certain killable attribute,\n which allowed local users to cause a denial of service (memory\n consumption) via a crafted application (bnc#779488).\n * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate\n attackers to cause a denial of service (heap-based out-of-bounds\n write) via a crafted device (bnc#835839).\n * CVE-2013-2893: The Human Interface Device (HID) subsystem in the\n Linux kernel through 3.11, when CONFIG_LOGITECH_FF,\n CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed\n physically proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted device, related to\n (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3)\n drivers/hid/hid-lg4ff.c (bnc#835839).\n * CVE-2013-2897: Multiple array index errors in\n drivers/hid/hid-multitouch.c in the Human Interface Device (HID)\n subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate\n attackers to cause a denial of service (heap memory corruption, or\n NULL pointer dereference and OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface\n Device (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PICOLCD is enabled, allowed physically proximate\n attackers to cause a denial of service (NULL pointer dereference and\n OOPS) via a crafted device (bnc#835839).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#853040, bnc#857643).\n * CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the\n Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed\n physically proximate attackers to cause a denial of service (system\n crash) or possibly execute arbitrary code via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n an event (bnc#896382).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to cause a denial of service (out-of-bounds write) via a\n crafted device that provides a small report descriptor, related to\n (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\n drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in\n the Linux kernel through 3.16.3, as used in Android on Nexus 7\n devices, allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code via a\n crafted device that sends a large report (bnc#896392).\n * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.16.1 miscalculated the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to (1) cause a denial of service (host OS memory corruption)\n or possibly have unspecified other impact by triggering a large gfn\n value or (2) cause a denial of service (host OS memory consumption)\n by triggering a small gfn value that leads to permanently pinned\n pages (bnc#892782).\n * CVE-2014-3610: The WRMSR processing functionality in the KVM\n subsystem in the Linux kernel through 3.17.2 did not properly handle\n the writing of a non-canonical address to a model-specific register,\n which allowed guest OS users to cause a denial of service (host OS\n crash) by leveraging guest OS privileges, related to the\n wrmsr_interception function in arch/x86/kvm/svm.c and the\n handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).\n * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel through 3.17.2 did not have an exit handler for the INVVPID\n instruction, which allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application (bnc#899192).\n * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the\n Linux kernel through 3.17.2 did not properly perform RIP changes,\n which allowed guest OS users to cause a denial of service (guest OS\n crash) via a crafted application (bnc#899192).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346,\n bnc#902349).\n * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel\n through 3.15.1 on 32-bit x86 platforms, when syscall auditing is\n enabled and the sep CPU feature flag is set, allowed local users to\n cause a denial of service (OOPS and system crash) via an invalid\n syscall number, as demonstrated by number 1000 (bnc#883724).\n * CVE-2014-4608: * DISPUTED * Multiple integer overflows in the\n lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in\n the LZO decompressor in the Linux kernel before 3.15.2 allowed\n context-dependent attackers to cause a denial of service (memory\n corruption) via a crafted Literal Run. NOTE: the author of the LZO\n algorithms says: The Linux kernel is not affected; media hype\n (bnc#883948).\n * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel\n through 3.17.2 did not properly handle private syscall numbers\n during use of the ftrace subsystem, which allowed local users to\n gain privileges or cause a denial of service (invalid pointer\n dereference) via a crafted application (bnc#904013).\n * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed\n INIT ping-of-death (bnc#905100).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2014-8884: A local user with write access could have used this\n flaw to crash the kernel or elevate privileges (bnc#905522).\n\n The following non-security bugs have been fixed:\n\n * Build the KOTD against the SP3 Update project\n * HID: fix kabi breakage.\n * NFS: Provide stub nfs_fscache_wait_on_invalidate() for when\n CONFIG_NFS_FSCACHE=n.\n * NFS: fix inverted test for delegation in nfs4_reclaim_open_state\n (bnc#903331).\n * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331).\n * NFSv4: nfs4_open_done first must check that GETATTR decoded a file\n type (bnc#899574).\n * PCI: pciehp: Clear Data Link Layer State Changed during init\n (bnc#898295).\n * PCI: pciehp: Enable link state change notifications (bnc#898295).\n * PCI: pciehp: Handle push button event asynchronously (bnc#898295).\n * PCI: pciehp: Make check_link_active() non-static (bnc#898295).\n * PCI: pciehp: Use link change notifications for hot-plug and removal\n (bnc#898295).\n * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295).\n * PCI: pciehp: Use symbolic constants, not hard-coded bitmask\n (bnc#898295).\n * PM / hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * be2net: Fix invocation of be_close() after be_clear() (bnc#895468).\n * block: Fix bogus partition statistics reports (bnc#885077\n bnc#891211).\n * block: Fix computation of merged request priority.\n * btrfs: Fix wrong device size when we are resizing the device.\n * btrfs: Return right extent when fiemap gives unaligned offset and\n len.\n * btrfs: abtract out range locking in clone ioctl().\n * btrfs: always choose work from prio_head first.\n * btrfs: balance delayed inode updates.\n * btrfs: cache extent states in defrag code path.\n * btrfs: check file extent type before anything else (bnc#897694).\n * btrfs: clone, do not create invalid hole extent map.\n * btrfs: correctly determine if blocks are shared in\n btrfs_compare_trees.\n * btrfs: do not bug_on if we try to cow a free space cache inode.\n * btrfs: ensure btrfs_prev_leaf does not miss 1 item.\n * btrfs: ensure readers see new data after a clone operation.\n * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call.\n * btrfs: filter invalid arg for btrfs resize.\n * btrfs: fix EINVAL checks in btrfs_clone.\n * btrfs: fix EIO on reading file after ioctl clone works on it.\n * btrfs: fix a crash of clone with inline extents split.\n * btrfs: fix crash of compressed writes (bnc#898375).\n * btrfs: fix crash when starting transaction.\n * btrfs: fix deadlock with nested trans handles.\n * btrfs: fix hang on error (such as ENOSPC) when writing extent pages.\n * btrfs: fix leaf corruption after __btrfs_drop_extents.\n * btrfs: fix race between balance recovery and root deletion.\n * btrfs: fix wrong extent mapping for DirectIO.\n * btrfs: handle a missing extent for the first file extent.\n * btrfs: limit delalloc pages outside of find_delalloc_range\n (bnc#898375).\n * btrfs: read lock extent buffer while walking backrefs.\n * btrfs: remove unused wait queue in struct extent_buffer.\n * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX.\n * btrfs: replace error code from btrfs_drop_extents.\n * btrfs: unlock extent and pages on error in cow_file_range.\n * btrfs: unlock inodes in correct order in clone ioctl.\n * btrfs_ioctl_clone: Move clone code into its own function.\n * cifs: delay super block destruction until all cifsFileInfo objects\n are gone (bnc#903653).\n * drm/i915: Flush the PTEs after updating them before suspend\n (bnc#901638).\n * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638).\n * ext3: return 32/64-bit dir name hash according to usage type\n (bnc#898554).\n * ext4: return 32/64-bit dir name hash according to usage type\n (bnc#898554).\n * fix: use after free of xfs workqueues (bnc#894895).\n * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash\n (bnc#898554).\n * futex: Ensure get_futex_key_refs() always implies a barrier\n (bnc#851603 (futex scalability series)).\n * futex: Fix a race condition between REQUEUE_PI and task death\n (bnc#851603 (futex scalability series)).\n * ipv6: add support of peer address (bnc#896415).\n * ipv6: fix a refcnt leak with peer addr (bnc#896415).\n * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502).\n * mm: change __remove_pages() to call release_mem_region_adjustable()\n (bnc#891790).\n * netxen: Fix link event handling (bnc#873228).\n * netxen: fix link notification order (bnc#873228).\n * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554).\n * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554).\n * ocfs2: fix NULL pointer dereference in\n ocfs2_duplicate_clusters_by_page (bnc#899843).\n * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758).\n * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758).\n * powerpc: Add support for the optimised lockref implementation\n (bsc#893758).\n * powerpc: Implement arch_spin_is_locked() using\n arch_spin_value_unlocked() (bsc#893758).\n * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)).\n * remove filesize checks for sync I/O journal commit (bnc#800255).\n * resource: add __adjust_resource() for internal use (bnc#891790).\n * resource: add release_mem_region_adjustable() (bnc#891790).\n * revert PM / Hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * rpm/mkspec: Generate specfiles according to Factory requirements.\n * rpm/mkspec: Generate a per-architecture per-package _constraints file\n * sched: Fix unreleased llc_shared_mask bit during CPU hotplug\n (bnc#891368).\n * scsi_dh_alua: disable ALUA handling for non-disk devices\n (bnc#876633).\n * usb: Do not re-read descriptors for wired devices in\n usb_authorize_device() (bnc#904358).\n * usbback: Do not access request fields in shared ring more than once.\n * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607).\n * vfs,proc: guarantee unique inodes in /proc (bnc#868049).\n * x86, cpu hotplug: Fix stack frame warning\n incheck_irq_vectors_for_cpu_disable() (bnc#887418).\n * x86, ioremap: Speed up check for RAM pages (Boot time optimisations\n (bnc#895387)).\n * x86: Add check for number of available vectors before CPU down\n (bnc#887418).\n * x86: optimize resource lookups for ioremap (Boot time optimisations\n (bnc#895387)).\n * x86: use optimized ioresource lookup in ioremap function (Boot time\n optimisations (bnc#895387)).\n * xfs: Do not free EFIs before the EFDs are committed (bsc#755743).\n * xfs: Do not reference the EFI after it is freed (bsc#755743).\n * xfs: fix cil push sequence after log recovery (bsc#755743).\n * zcrypt: support for extended number of ap domains (bnc#894058,\n LTC#117041).\n * zcrypt: toleration of new crypto adapter hardware (bnc#894058,\n LTC#117041).\n\n Security Issues:\n\n * CVE-2012-4398\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398</a>>\n * CVE-2013-2889\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889</a>>\n * CVE-2013-2893\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893</a>>\n * CVE-2013-2897\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897</a>>\n * CVE-2013-2899\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-3181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3186\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186</a>>\n * CVE-2014-3601\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601</a>>\n * CVE-2014-3610\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610</a>>\n * CVE-2014-3646\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646</a>>\n * CVE-2014-3647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647</a>>\n * CVE-2014-4508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508</a>>\n * CVE-2014-4608\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608</a>>\n * CVE-2014-7826\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-8884\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n", "published": "2014-12-24T08:08:49", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00033.html", "cvelist": ["CVE-2014-3646", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-7841", "CVE-2014-4508", "CVE-2014-3647", "CVE-2014-3610", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-3185", "CVE-2013-2897", "CVE-2014-3601", "CVE-2014-8884", "CVE-2013-2899", "CVE-2014-4608", "CVE-2013-7263", "CVE-2012-4398", "CVE-2014-7826", "CVE-2013-2889", "CVE-2013-2893", "CVE-2014-3184"], "lastseen": "2016-09-04T12:38:48"}, {"id": "SUSE-SU-2014:1695-2", "type": "suse", "title": "Security update for Linux kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix\n various bugs and security issues.\n\n The following security bugs have been fixed:\n\n * CVE-2012-4398: The __request_module function in kernel/kmod.c in the\n Linux kernel before 3.4 did not set a certain killable attribute,\n which allowed local users to cause a denial of service (memory\n consumption) via a crafted application (bnc#779488).\n * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate\n attackers to cause a denial of service (heap-based out-of-bounds\n write) via a crafted device (bnc#835839).\n * CVE-2013-2893: The Human Interface Device (HID) subsystem in the\n Linux kernel through 3.11, when CONFIG_LOGITECH_FF,\n CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed\n physically proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted device, related to\n (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3)\n drivers/hid/hid-lg4ff.c (bnc#835839).\n * CVE-2013-2897: Multiple array index errors in\n drivers/hid/hid-multitouch.c in the Human Interface Device (HID)\n subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate\n attackers to cause a denial of service (heap memory corruption, or\n NULL pointer dereference and OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface\n Device (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PICOLCD is enabled, allowed physically proximate\n attackers to cause a denial of service (NULL pointer dereference and\n OOPS) via a crafted device (bnc#835839).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#853040, bnc#857643).\n * CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the\n Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed\n physically proximate attackers to cause a denial of service (system\n crash) or possibly execute arbitrary code via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n an event (bnc#896382).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to cause a denial of service (out-of-bounds write) via a\n crafted device that provides a small report descriptor, related to\n (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\n drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in\n the Linux kernel through 3.16.3, as used in Android on Nexus 7\n devices, allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code via a\n crafted device that sends a large report (bnc#896392).\n * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.16.1 miscalculated the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to (1) cause a denial of service (host OS memory corruption)\n or possibly have unspecified other impact by triggering a large gfn\n value or (2) cause a denial of service (host OS memory consumption)\n by triggering a small gfn value that leads to permanently pinned\n pages (bnc#892782).\n * CVE-2014-3610: The WRMSR processing functionality in the KVM\n subsystem in the Linux kernel through 3.17.2 did not properly handle\n the writing of a non-canonical address to a model-specific register,\n which allowed guest OS users to cause a denial of service (host OS\n crash) by leveraging guest OS privileges, related to the\n wrmsr_interception function in arch/x86/kvm/svm.c and the\n handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).\n * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel through 3.17.2 did not have an exit handler for the INVVPID\n instruction, which allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application (bnc#899192).\n * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the\n Linux kernel through 3.17.2 did not properly perform RIP changes,\n which allowed guest OS users to cause a denial of service (guest OS\n crash) via a crafted application (bnc#899192).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346,\n bnc#902349).\n * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel\n through 3.15.1 on 32-bit x86 platforms, when syscall auditing is\n enabled and the sep CPU feature flag is set, allowed local users to\n cause a denial of service (OOPS and system crash) via an invalid\n syscall number, as demonstrated by number 1000 (bnc#883724).\n * CVE-2014-4608: * DISPUTED * Multiple integer overflows in the\n lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in\n the LZO decompressor in the Linux kernel before 3.15.2 allowed\n context-dependent attackers to cause a denial of service (memory\n corruption) via a crafted Literal Run. NOTE: the author of the LZO\n algorithms says: The Linux kernel is not affected; media hype\n (bnc#883948).\n * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel\n through 3.17.2 did not properly handle private syscall numbers\n during use of the ftrace subsystem, which allowed local users to\n gain privileges or cause a denial of service (invalid pointer\n dereference) via a crafted application (bnc#904013).\n * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed\n INIT ping-of-death (bnc#905100).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2014-8884: A local user with write access could have used this\n flaw to crash the kernel or elevate privileges (bnc#905522).\n\n The following non-security bugs have been fixed:\n\n * Build the KOTD against the SP3 Update project\n * HID: fix kabi breakage.\n * NFS: Provide stub nfs_fscache_wait_on_invalidate() for when\n CONFIG_NFS_FSCACHE=n.\n * NFS: fix inverted test for delegation in nfs4_reclaim_open_state\n (bnc#903331).\n * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331).\n * NFSv4: nfs4_open_done first must check that GETATTR decoded a file\n type (bnc#899574).\n * PCI: pciehp: Clear Data Link Layer State Changed during init\n (bnc#898295).\n * PCI: pciehp: Enable link state change notifications (bnc#898295).\n * PCI: pciehp: Handle push button event asynchronously (bnc#898295).\n * PCI: pciehp: Make check_link_active() non-static (bnc#898295).\n * PCI: pciehp: Use link change notifications for hot-plug and removal\n (bnc#898295).\n * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295).\n * PCI: pciehp: Use symbolic constants, not hard-coded bitmask\n (bnc#898295).\n * PM / hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * be2net: Fix invocation of be_close() after be_clear() (bnc#895468).\n * block: Fix bogus partition statistics reports (bnc#885077\n bnc#891211).\n * block: Fix computation of merged request priority.\n * btrfs: Fix wrong device size when we are resizing the device.\n * btrfs: Return right extent when fiemap gives unaligned offset and\n len.\n * btrfs: abtract out range locking in clone ioctl().\n * btrfs: always choose work from prio_head first.\n * btrfs: balance delayed inode updates.\n * btrfs: cache extent states in defrag code path.\n * btrfs: check file extent type before anything else (bnc#897694).\n * btrfs: clone, do not create invalid hole extent map.\n * btrfs: correctly determine if blocks are shared in\n btrfs_compare_trees.\n * btrfs: do not bug_on if we try to cow a free space cache inode.\n * btrfs: ensure btrfs_prev_leaf does not miss 1 item.\n * btrfs: ensure readers see new data after a clone operation.\n * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call.\n * btrfs: filter invalid arg for btrfs resize.\n * btrfs: fix EINVAL checks in btrfs_clone.\n * btrfs: fix EIO on reading file after ioctl clone works on it.\n * btrfs: fix a crash of clone with inline extents split.\n * btrfs: fix crash of compressed writes (bnc#898375).\n * btrfs: fix crash when starting transaction.\n * btrfs: fix deadlock with nested trans handles.\n * btrfs: fix hang on error (such as ENOSPC) when writing extent pages.\n * btrfs: fix leaf corruption after __btrfs_drop_extents.\n * btrfs: fix race between balance recovery and root deletion.\n * btrfs: fix wrong extent mapping for DirectIO.\n * btrfs: handle a missing extent for the first file extent.\n * btrfs: limit delalloc pages outside of find_delalloc_range\n (bnc#898375).\n * btrfs: read lock extent buffer while walking backrefs.\n * btrfs: remove unused wait queue in struct extent_buffer.\n * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX.\n * btrfs: replace error code from btrfs_drop_extents.\n * btrfs: unlock extent and pages on error in cow_file_range.\n * btrfs: unlock inodes in correct order in clone ioctl.\n * btrfs_ioctl_clone: Move clone code into its own function.\n * cifs: delay super block destruction until all cifsFileInfo objects\n are gone (bnc#903653).\n * drm/i915: Flush the PTEs after updating them before suspend\n (bnc#901638).\n * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638).\n * ext3: return 32/64-bit dir name hash according to usage type\n (bnc#898554).\n * ext4: return 32/64-bit dir name hash according to usage type\n (bnc#898554).\n * fix: use after free of xfs workqueues (bnc#894895).\n * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash\n (bnc#898554).\n * futex: Ensure get_futex_key_refs() always implies a barrier\n (bnc#851603 (futex scalability series)).\n * futex: Fix a race condition between REQUEUE_PI and task death\n (bnc#851603 (futex scalability series)).\n * ipv6: add support of peer address (bnc#896415).\n * ipv6: fix a refcnt leak with peer addr (bnc#896415).\n * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502).\n * mm: change __remove_pages() to call release_mem_region_adjustable()\n (bnc#891790).\n * netxen: Fix link event handling (bnc#873228).\n * netxen: fix link notification order (bnc#873228).\n * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554).\n * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554).\n * ocfs2: fix NULL pointer dereference in\n ocfs2_duplicate_clusters_by_page (bnc#899843).\n * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758).\n * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758).\n * powerpc: Add support for the optimised lockref implementation\n (bsc#893758).\n * powerpc: Implement arch_spin_is_locked() using\n arch_spin_value_unlocked() (bsc#893758).\n * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)).\n * remove filesize checks for sync I/O journal commit (bnc#800255).\n * resource: add __adjust_resource() for internal use (bnc#891790).\n * resource: add release_mem_region_adjustable() (bnc#891790).\n * revert PM / Hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * rpm/mkspec: Generate specfiles according to Factory requirements.\n * rpm/mkspec: Generate a per-architecture per-package _constraints file\n * sched: Fix unreleased llc_shared_mask bit during CPU hotplug\n (bnc#891368).\n * scsi_dh_alua: disable ALUA handling for non-disk devices\n (bnc#876633).\n * usb: Do not re-read descriptors for wired devices in\n usb_authorize_device() (bnc#904358).\n * usbback: Do not access request fields in shared ring more than once.\n * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607).\n * vfs,proc: guarantee unique inodes in /proc (bnc#868049).\n * x86, cpu hotplug: Fix stack frame warning\n incheck_irq_vectors_for_cpu_disable() (bnc#887418).\n * x86, ioremap: Speed up check for RAM pages (Boot time optimisations\n (bnc#895387)).\n * x86: Add check for number of available vectors before CPU down\n (bnc#887418).\n * x86: optimize resource lookups for ioremap (Boot time optimisations\n (bnc#895387)).\n * x86: use optimized ioresource lookup in ioremap function (Boot time\n optimisations (bnc#895387)).\n * xfs: Do not free EFIs before the EFDs are committed (bsc#755743).\n * xfs: Do not reference the EFI after it is freed (bsc#755743).\n * xfs: fix cil push sequence after log recovery (bsc#755743).\n * zcrypt: support for extended number of ap domains (bnc#894058,\n LTC#117041).\n * zcrypt: toleration of new crypto adapter hardware (bnc#894058,\n LTC#117041).\n\n Security Issues:\n\n * CVE-2012-4398\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398</a>>\n * CVE-2013-2889\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889</a>>\n * CVE-2013-2893\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893</a>>\n * CVE-2013-2897\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897</a>>\n * CVE-2013-2899\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-3181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3186\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186</a>>\n * CVE-2014-3601\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601</a>>\n * CVE-2014-3610\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610</a>>\n * CVE-2014-3646\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646</a>>\n * CVE-2014-3647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647</a>>\n * CVE-2014-4508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508</a>>\n * CVE-2014-4608\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608</a>>\n * CVE-2014-7826\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-8884\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n", "published": "2015-01-14T19:04:44", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00005.html", "cvelist": ["CVE-2014-3646", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-9090", "CVE-2014-7841", "CVE-2014-4508", "CVE-2014-3647", "CVE-2014-3610", "CVE-2014-9322", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-3185", "CVE-2013-2897", "CVE-2014-3601", "CVE-2014-8884", "CVE-2013-2899", "CVE-2014-4608", "CVE-2013-7263", "CVE-2012-4398", "CVE-2014-8133", "CVE-2014-7826", "CVE-2013-2889", "CVE-2013-2893", "CVE-2014-3184"], "lastseen": "2016-09-04T11:28:40"}, {"id": "SUSE-SU-2014:1695-1", "type": "suse", "title": "Security update for Linux kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix\n various bugs and security issues.\n\n The following security bugs have been fixed:\n\n * CVE-2012-4398: The __request_module function in kernel/kmod.c in the\n Linux kernel before 3.4 did not set a certain killable attribute,\n which allowed local users to cause a denial of service (memory\n consumption) via a crafted application (bnc#779488).\n * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate\n attackers to cause a denial of service (heap-based out-of-bounds\n write) via a crafted device (bnc#835839).\n * CVE-2013-2893: The Human Interface Device (HID) subsystem in the\n Linux kernel through 3.11, when CONFIG_LOGITECH_FF,\n CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed\n physically proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted device, related to\n (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3)\n drivers/hid/hid-lg4ff.c (bnc#835839).\n * CVE-2013-2897: Multiple array index errors in\n drivers/hid/hid-multitouch.c in the Human Interface Device (HID)\n subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate\n attackers to cause a denial of service (heap memory corruption, or\n NULL pointer dereference and OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface\n Device (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PICOLCD is enabled, allowed physically proximate\n attackers to cause a denial of service (NULL pointer dereference and\n OOPS) via a crafted device (bnc#835839).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#853040, bnc#857643).\n * CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the\n Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed\n physically proximate attackers to cause a denial of service (system\n crash) or possibly execute arbitrary code via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n an event (bnc#896382).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to cause a denial of service (out-of-bounds write) via a\n crafted device that provides a small report descriptor, related to\n (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\n drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in\n the Linux kernel through 3.16.3, as used in Android on Nexus 7\n devices, allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code via a\n crafted device that sends a large report (bnc#896392).\n * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.16.1 miscalculated the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to (1) cause a denial of service (host OS memory corruption)\n or possibly have unspecified other impact by triggering a large gfn\n value or (2) cause a denial of service (host OS memory consumption)\n by triggering a small gfn value that leads to permanently pinned\n pages (bnc#892782).\n * CVE-2014-3610: The WRMSR processing functionality in the KVM\n subsystem in the Linux kernel through 3.17.2 did not properly handle\n the writing of a non-canonical address to a model-specific register,\n which allowed guest OS users to cause a denial of service (host OS\n crash) by leveraging guest OS privileges, related to the\n wrmsr_interception function in arch/x86/kvm/svm.c and the\n handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).\n * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel through 3.17.2 did not have an exit handler for the INVVPID\n instruction, which allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application (bnc#899192).\n * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the\n Linux kernel through 3.17.2 did not properly perform RIP changes,\n which allowed guest OS users to cause a denial of service (guest OS\n crash) via a crafted application (bnc#899192).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346,\n bnc#902349).\n * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel\n through 3.15.1 on 32-bit x86 platforms, when syscall auditing is\n enabled and the sep CPU feature flag is set, allowed local users to\n cause a denial of service (OOPS and system crash) via an invalid\n syscall number, as demonstrated by number 1000 (bnc#883724).\n * CVE-2014-4608: * DISPUTED * Multiple integer overflows in the\n lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in\n the LZO decompressor in the Linux kernel before 3.15.2 allowed\n context-dependent attackers to cause a denial of service (memory\n corruption) via a crafted Literal Run. NOTE: the author of the LZO\n algorithms says: The Linux kernel is not affected; media hype\n (bnc#883948).\n * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel\n through 3.17.2 did not properly handle private syscall numbers\n during use of the ftrace subsystem, which allowed local users to\n gain privileges or cause a denial of service (invalid pointer\n dereference) via a crafted application (bnc#904013).\n * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed\n INIT ping-of-death (bnc#905100).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2014-8884: A local user with write access could have used this\n flaw to crash the kernel or elevate privileges (bnc#905522).\n\n The following non-security bugs have been fixed:\n\n * Build the KOTD against the SP3 Update project\n * HID: fix kabi breakage.\n * NFS: Provide stub nfs_fscache_wait_on_invalidate() for when\n CONFIG_NFS_FSCACHE=n.\n * NFS: fix inverted test for delegation in nfs4_reclaim_open_state\n (bnc#903331).\n * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331).\n * NFSv4: nfs4_open_done first must check that GETATTR decoded a file\n type (bnc#899574).\n * PCI: pciehp: Clear Data Link Layer State Changed during init\n (bnc#898295).\n * PCI: pciehp: Enable link state change notifications (bnc#898295).\n * PCI: pciehp: Handle push button event asynchronously (bnc#898295).\n * PCI: pciehp: Make check_link_active() non-static (bnc#898295).\n * PCI: pciehp: Use link change notifications for hot-plug and removal\n (bnc#898295).\n * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295).\n * PCI: pciehp: Use symbolic constants, not hard-coded bitmask\n (bnc#898295).\n * PM / hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * be2net: Fix invocation of be_close() after be_clear() (bnc#895468).\n * block: Fix bogus partition statistics reports (bnc#885077\n bnc#891211).\n * block: Fix computation of merged request priority.\n * btrfs: Fix wrong device size when we are resizing the device.\n * btrfs: Return right extent when fiemap gives unaligned offset and\n len.\n * btrfs: abtract out range locking in clone ioctl().\n * btrfs: always choose work from prio_head first.\n * btrfs: balance delayed inode updates.\n * btrfs: cache extent states in defrag code path.\n * btrfs: check file extent type before anything else (bnc#897694).\n * btrfs: clone, do not create invalid hole extent map.\n * btrfs: correctly determine if blocks are shared in\n btrfs_compare_trees.\n * btrfs: do not bug_on if we try to cow a free space cache inode.\n * btrfs: ensure btrfs_prev_leaf does not miss 1 item.\n * btrfs: ensure readers see new data after a clone operation.\n * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call.\n * btrfs: filter invalid arg for btrfs resize.\n * btrfs: fix EINVAL checks in btrfs_clone.\n * btrfs: fix EIO on reading file after ioctl clone works on it.\n * btrfs: fix a crash of clone with inline extents split.\n * btrfs: fix crash of compressed writes (bnc#898375).\n * btrfs: fix crash when starting transaction.\n * btrfs: fix deadlock with nested trans handles.\n * btrfs: fix hang on error (such as ENOSPC) when writing extent pages.\n * btrfs: fix leaf corruption after __btrfs_drop_extents.\n * btrfs: fix race between balance recovery and root deletion.\n * btrfs: fix wrong extent mapping for DirectIO.\n * btrfs: handle a missing extent for the first file extent.\n * btrfs: limit delalloc pages outside of find_delalloc_range\n (bnc#898375).\n * btrfs: read lock extent buffer while walking backrefs.\n * btrfs: remove unused wait queue in struct extent_buffer.\n * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX.\n * btrfs: replace error code from btrfs_drop_extents.\n * btrfs: unlock extent and pages on error in cow_file_range.\n * btrfs: unlock inodes in correct order in clone ioctl.\n * btrfs_ioctl_clone: Move clone code into its own function.\n * cifs: delay super block destruction until all cifsFileInfo objects\n are gone (bnc#903653).\n * drm/i915: Flush the PTEs after updating them before suspend\n (bnc#901638).\n * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638).\n * ext3: return 32/64-bit dir name hash according to usage type\n (bnc#898554).\n * ext4: return 32/64-bit dir name hash according to usage type\n (bnc#898554).\n * fix: use after free of xfs workqueues (bnc#894895).\n * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash\n (bnc#898554).\n * futex: Ensure get_futex_key_refs() always implies a barrier\n (bnc#851603 (futex scalability series)).\n * futex: Fix a race condition between REQUEUE_PI and task death\n (bnc#851603 (futex scalability series)).\n * ipv6: add support of peer address (bnc#896415).\n * ipv6: fix a refcnt leak with peer addr (bnc#896415).\n * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502).\n * mm: change __remove_pages() to call release_mem_region_adjustable()\n (bnc#891790).\n * netxen: Fix link event handling (bnc#873228).\n * netxen: fix link notification order (bnc#873228).\n * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554).\n * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554).\n * ocfs2: fix NULL pointer dereference in\n ocfs2_duplicate_clusters_by_page (bnc#899843).\n * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758).\n * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758).\n * powerpc: Add support for the optimised lockref implementation\n (bsc#893758).\n * powerpc: Implement arch_spin_is_locked() using\n arch_spin_value_unlocked() (bsc#893758).\n * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)).\n * remove filesize checks for sync I/O journal commit (bnc#800255).\n * resource: add __adjust_resource() for internal use (bnc#891790).\n * resource: add release_mem_region_adjustable() (bnc#891790).\n * revert PM / Hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * rpm/mkspec: Generate specfiles according to Factory requirements.\n * rpm/mkspec: Generate a per-architecture per-package _constraints file\n * sched: Fix unreleased llc_shared_mask bit during CPU hotplug\n (bnc#891368).\n * scsi_dh_alua: disable ALUA handling for non-disk devices\n (bnc#876633).\n * usb: Do not re-read descriptors for wired devices in\n usb_authorize_device() (bnc#904358).\n * usbback: Do not access request fields in shared ring more than once.\n * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607).\n * vfs,proc: guarantee unique inodes in /proc (bnc#868049).\n * x86, cpu hotplug: Fix stack frame warning\n incheck_irq_vectors_for_cpu_disable() (bnc#887418).\n * x86, ioremap: Speed up check for RAM pages (Boot time optimisations\n (bnc#895387)).\n * x86: Add check for number of available vectors before CPU down\n (bnc#887418).\n * x86: optimize resource lookups for ioremap (Boot time optimisations\n (bnc#895387)).\n * x86: use optimized ioresource lookup in ioremap function (Boot time\n optimisations (bnc#895387)).\n * xfs: Do not free EFIs before the EFDs are committed (bsc#755743).\n * xfs: Do not reference the EFI after it is freed (bsc#755743).\n * xfs: fix cil push sequence after log recovery (bsc#755743).\n * zcrypt: support for extended number of ap domains (bnc#894058,\n LTC#117041).\n * zcrypt: toleration of new crypto adapter hardware (bnc#894058,\n LTC#117041).\n\n Security Issues:\n\n * CVE-2012-4398\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398</a>>\n * CVE-2013-2889\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2889</a>>\n * CVE-2013-2893\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893</a>>\n * CVE-2013-2897\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897</a>>\n * CVE-2013-2899\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-3181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3186\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186</a>>\n * CVE-2014-3601\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601</a>>\n * CVE-2014-3610\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610</a>>\n * CVE-2014-3646\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646</a>>\n * CVE-2014-3647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647</a>>\n * CVE-2014-4508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508</a>>\n * CVE-2014-4608\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608</a>>\n * CVE-2014-7826\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-8884\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n", "published": "2014-12-23T20:05:05", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00029.html", "cvelist": ["CVE-2014-3646", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-9090", "CVE-2014-7841", "CVE-2014-4508", "CVE-2014-3647", "CVE-2014-3610", "CVE-2014-9322", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-3185", "CVE-2013-2897", "CVE-2014-3601", "CVE-2014-8884", "CVE-2013-2899", "CVE-2014-4608", "CVE-2013-7263", "CVE-2012-4398", "CVE-2014-8133", "CVE-2014-7826", "CVE-2013-2889", "CVE-2013-2893", "CVE-2014-3184"], "lastseen": "2016-09-04T12:22:34"}, {"id": "OPENSUSE-SU-2014:1677-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The openSUSE 13.1 kernel was updated to fix security issues and bugs:\n\n Security issues fixed: CVE-2014-9322: A local privilege escalation in the\n x86_64 32bit compatibility signal handling was fixed, which could be used\n by local attackers to crash the machine or execute code.\n\n CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in\n the Linux kernel did not properly handle faults associated with the Stack\n Segment (SS) segment register, which allowed local users to cause a denial\n of service (panic) via a modify_ldt system call, as demonstrated by\n sigreturn_32 in the linux-clock-tests test suite.\n\n CVE-2014-8133: Insufficient validation of TLS register usage could leak\n information from the kernel stack to userspace.\n\n CVE-2014-0181: The Netlink implementation in the Linux kernel through\n 3.14.1 did not provide a mechanism for authorizing socket operations based\n on the opener of a socket, which allowed local users to bypass intended\n access restrictions and modify network configurations by using a Netlink\n socket for the (1) stdout or (2) stderr of a setuid program. (bsc#875051)\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-3688: The SCTP implementation in the Linux kernel allowed remote\n attackers to cause a denial of service (memory consumption) by triggering\n a large number of chunks in an association's output queue, as demonstrated\n by ASCONF probes, related to net/sctp/inqueue.c and\n net/sctp/sm_statefuns.c.\n\n CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n allowed remote attackers to cause a denial of service (panic) via\n duplicate ASCONF chunks that trigger an incorrect uncork within the\n side-effect interpreter.\n\n CVE-2014-7975: The do_umount function in fs/namespace.c in the Linux\n kernel did not require the CAP_SYS_ADMIN capability for do_remount_sb\n calls that change the root filesystem to read-only, which allowed local\n users to cause a denial of service (loss of writability) by making certain\n unshare system calls, clearing the / MNT_LOCKED flag, and making an\n MNT_FORCE umount system call.\n\n CVE-2014-8884: Stack-based buffer overflow in the\n ttusbdecfe_dvbs_diseqc_send_master_cmd function in\n drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local\n users to cause a denial of service (system crash) or possibly gain\n privileges via a large message length in an ioctl call.\n\n CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote\n attackers to cause a denial of service (system crash) via a malformed\n ASCONF chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c.\n\n CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the\n Linux kernel, as used in Android on Nexus 7 devices, allowed physically\n proximate attackers to cause a denial of service (system crash) or\n possibly execute arbitrary code via a crafted device that sends a large\n report.\n\n CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c\n in the SCTP implementation in the Linux kernel, when ASCONF is used,\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a malformed INIT chunk.\n\n CVE-2014-4611: Integer overflow in the LZ4 algorithm implementation, as\n used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in\n lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit\n platforms might allow context-dependent attackers to cause a denial of\n service (memory corruption) or possibly have unspecified other impact via\n a crafted Literal Run that would be improperly handled by programs not\n complying with an API limitation, a different vulnerability than\n CVE-2014-4715.\n\n CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe\n function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the\n Linux kernel allowed context-dependent attackers to cause a denial\n of service (memory corruption) via a crafted Literal Run.\n\n CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the\n Linux kernel did not properly maintain a certain tail pointer, which\n allowed remote attackers to obtain sensitive cleartext information by\n reading packets.\n\n CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback\n function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial\n Driver in the Linux kernel allowed physically proximate attackers to\n execute arbitrary code or cause a denial of service (memory corruption and\n system crash) via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with a bulk response.\n\n CVE-2014-3184: The report_fixup functions in the HID subsystem in the\n Linux kernel might have allowed physically proximate attackers to cause a\n denial of service (out-of-bounds write) via a crafted device that provides\n a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2)\n drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4)\n drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6)\n drivers/hid/hid-sunplus.c.\n\n CVE-2014-3182: Array index error in the logi_dj_raw_event function in\n drivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically\n proximate attackers to execute arbitrary code or cause a denial of service\n (invalid kfree) via a crafted device that provides a malformed\n REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.\n\n CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic\n Mouse HID driver in the Linux kernel allowed physically proximate\n attackers to cause a denial of service (system crash) or possibly execute\n arbitrary code via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with an event.\n\n CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not\n properly handle private syscall numbers during use of the ftrace\n subsystem, which allowed local users to gain privileges or cause a denial\n of service (invalid pointer dereference) via a crafted application.\n\n CVE-2013-7263: The Linux kernel updated certain length values before\n ensuring that associated data structures have been initialized, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call,\n related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the port\n number when using ipv6 sockets. (bsc#853040).\n\n CVE-2013-2898: Fixed potential kernel caller confusion via\n past-end-of-heap-allocation read in sensor-hub HID driver.\n\n CVE-2013-2891: Fixed 16 byte past-end-of-heap-alloc zeroing in steelseries\n HID driver.\n\n VE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the Linux\n kernel did not restrict the amount of ICB indirection, which allowed\n physically proximate attackers to cause a denial of service (infinite loop\n or stack consumption) via a UDF filesystem with a crafted inode.\n\n CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux\n kernel allowed local users to cause a denial of service (uncontrolled\n recursion, and system crash or reboot) via a crafted iso9660 image with a\n CL entry referring to a directory entry that has a CL entry.\n\n CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial\n of service (unkillable mount process) via a crafted iso9660 image with a\n self-referential CL entry.\n\n CVE-2014-0206: Array index error in the aio_read_events_ring function in\n fs/aio.c in the Linux kernel allowed local users to obtain sensitive\n information from kernel memory via a large head value.\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-5206: The do_remount function in fs/namespace.c in the Linux\n kernel did not maintain the MNT_LOCK_READONLY bit across a remount of a\n bind mount, which allowed local users to bypass an intended read-only\n restriction and defeat certain sandbox protection mechanisms via a "mount\n -o remount" command within a user namespace.\n\n CVE-2014-5207: fs/namespace.c in the Linux kernel did not properly\n restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\n MNT_ATIME_MASK during a remount of a bind mount, which allowed local users\n to gain privileges, interfere with backups and auditing on systems that\n had atime enabled, or cause a denial of service (excessive filesystem\n updating) on systems that had atime disabled via a "mount -o remount"\n command within a user namespace.\n\n CVE-2014-1739: The media_device_enum_entities function in\n drivers/media/media-device.c in the Linux kernel did not initialize a\n certain data structure, which allowed local users to obtain sensitive\n information from kernel memory by leveraging /dev/media0 read access for a\n MEDIA_IOC_ENUM_ENTITIES ioctl call.\n\n CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux\n kernel allowed local users to gain privileges by leveraging data-structure\n differences between an l2tp socket and an inet socket.\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in\n the Linux kernel, when SCTP authentication is enabled, allowed remote\n attackers to cause a denial of service (NULL pointer dereference and OOPS)\n by starting to establish an association between two endpoints immediately\n after an exchange of INIT and INIT ACK chunks to establish an earlier\n association between these endpoints in the opposite direction.\n\n CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement\n the interaction between range notification and hole punching, which\n allowed local users to cause a denial of service (i_mutex hold) by using\n the mmap system call to access a hole, as demonstrated by interfering with\n intended shmem activity by blocking completion of (1) an MADV_REMOVE\n madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.\n\n Also the following bugs were fixed:\n - KEYS: Fix stale key registration at error path (bnc#908163).\n\n - parport: parport_pc, do not remove parent devices early (bnc#856659).\n\n - xfs: fix directory hash ordering bug.\n - xfs: mark all internal workqueues as freezable (bnc#899785).\n\n - [media] uvc: Fix destruction order in uvc_delete() (bnc#897736).\n\n - cfq-iosched: Fix wrong children_weight calculation (bnc#893429).\n\n - target/rd: Refactor rd_build_device_space + rd_release_device_space\n (bnc#882639).\n\n - Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch\n (bnc#887046).\n\n - usb: pci-quirks: Prevent Sony VAIO t-series from switching usb ports\n (bnc#864375).\n - xhci: Switch only Intel Lynx Point-LP ports to EHCI on shutdown\n (bnc#864375).\n - xhci: Switch Intel Lynx Point ports to EHCI on shutdown (bnc#864375).\n\n - ALSA: hda - Fix broken PM due to incomplete i915 initialization\n (bnc#890114).\n\n - netbk: Don't destroy the netdev until the vif is shut down (bnc#881008).\n - swiotlb: don't assume PA 0 is invalid (bnc#865882).\n\n - PM / sleep: Fix request_firmware() error at resume (bnc#873790).\n\n - usbcore: don't log on consecutive debounce failures of the same port\n (bnc#818966).\n\n", "published": "2014-12-21T13:04:41", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00021.html", "cvelist": ["CVE-2014-5077", "CVE-2014-3182", "CVE-2013-2898", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-1739", "CVE-2014-9090", "CVE-2014-3688", "CVE-2014-7841", "CVE-2013-2891", "CVE-2014-4508", "CVE-2014-4943", "CVE-2014-9322", "CVE-2014-0206", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-7975", "CVE-2014-3185", "CVE-2014-5206", "CVE-2014-4715", "CVE-2014-8884", "CVE-2014-4608", "CVE-2014-4611", "CVE-2013-7263", "CVE-2014-0181", "CVE-2014-5207", "CVE-2014-6410", "CVE-2014-5471", "CVE-2014-8133", "CVE-2014-7826", "CVE-2014-3184", "CVE-2014-3687"], "lastseen": "2016-09-04T11:38:24"}, {"id": "SUSE-SU-2015:0481-1", "type": "suse", "title": "Security update for Linux kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated\n to fix security issues on kernels on the x86_64 architecture.\n\n The following security bugs have been fixed:\n\n * CVE-2012-4398: The __request_module function in kernel/kmod.c in the\n Linux kernel before 3.4 did not set a certain killable attribute,\n which allowed local users to cause a denial of service (memory\n consumption) via a crafted application (bnc#779488).\n * CVE-2013-2893: The Human Interface Device (HID) subsystem in the\n Linux kernel through 3.11, when CONFIG_LOGITECH_FF,\n CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed\n physically proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted device, related to\n (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3)\n drivers/hid/hid-lg4ff.c (bnc#835839).\n * CVE-2013-2897: Multiple array index errors in\n drivers/hid/hid-multitouch.c in the Human Interface Device (HID)\n subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate\n attackers to cause a denial of service (heap memory corruption, or\n NULL pointer dereference and OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface\n Device (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PICOLCD is enabled, allowed physically proximate\n attackers to cause a denial of service (NULL pointer dereference and\n OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use\n the get_dumpable function, which allowed local users to bypass\n intended ptrace restrictions or obtain sensitive information from\n IA64 scratch registers via a crafted application, related to\n kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#857643).\n * CVE-2014-0131: Use-after-free vulnerability in the skb_segment\n function in net/core/skbuff.c in the Linux kernel through 3.13.6\n allowed attackers to obtain sensitive information from kernel memory\n by leveraging the absence of a certain orphaning operation\n (bnc#867723).\n * CVE-2014-0181: The Netlink implementation in the Linux kernel\n through 3.14.1 did not provide a mechanism for authorizing socket\n operations based on the opener of a socket, which allowed local\n users to bypass intended access restrictions and modify network\n configurations by using a Netlink socket for the (1) stdout or (2)\n stderr of a setuid program (bnc#875051).\n * CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 did not properly count the addition of\n routes, which allowed remote attackers to cause a denial of service\n (memory consumption) via a flood of ICMPv6 Router Advertisement\n packets (bnc#867531).\n * CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the\n Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed\n physically proximate attackers to cause a denial of service (system\n crash) or possibly execute arbitrary code via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n an event (bnc#896382).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 might have allowed physically\n proximate attackers to cause a denial of service (out-of-bounds\n write) via a crafted device that provides a small report descriptor,\n related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c,\n (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in\n the Linux kernel through 3.16.3, as used in Android on Nexus 7\n devices, allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code via a\n crafted device that sends a large report (bnc#896392).\n * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.16.1 miscalculates the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to (1) cause a denial of service (host OS memory corruption)\n or possibly have unspecified other impact by triggering a large gfn\n value or (2) cause a denial of service (host OS memory consumption)\n by triggering a small gfn value that leads to permanently pinned\n pages (bnc#892782).\n * CVE-2014-3610: The WRMSR processing functionality in the KVM\n subsystem in the Linux kernel through 3.17.2 did not properly handle\n the writing of a non-canonical address to a model-specific register,\n which allowed guest OS users to cause a denial of service (host OS\n crash) by leveraging guest OS privileges, related to the\n wrmsr_interception function in arch/x86/kvm/svm.c and the\n handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).\n * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel through 3.17.2 did not have an exit handler for the INVVPID\n instruction, which allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application (bnc#899192).\n * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the\n Linux kernel through 3.17.2 did not properly perform RIP changes,\n which allowed guest OS users to cause a denial of service (guest OS\n crash) via a crafted application (bnc#899192).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).\n * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n through 3.17.2 allowed remote attackers to cause a denial of service\n (panic) via duplicate ASCONF chunks that trigger an incorrect uncork\n within the side-effect interpreter (bnc#902349).\n * CVE-2014-3688: The SCTP implementation in the Linux kernel before\n 3.17.4 allowed remote attackers to cause a denial of service (memory\n consumption) by triggering a large number of chunks in an\n associations output queue, as demonstrated by ASCONF probes, related\n to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n * CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel before 3.17.2 on Intel processors did not ensure that the\n value in the CR4 control register remains the same after a VM entry,\n which allowed host OS users to kill arbitrary processes or cause a\n denial of service (system disruption) by leveraging /dev/kvm access,\n as demonstrated by PR_SET_TSC prctl calls within a modified copy of\n QEMU (bnc#902232).\n * CVE-2014-4608: Multiple integer overflows in the\n lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in\n the LZO decompressor in the Linux kernel before 3.15.2 allowed\n context-dependent attackers to cause a denial of service (memory\n corruption) via a crafted Literal Run (bnc#883948).\n * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the\n Linux kernel through 3.15.6 allowed local users to gain privileges\n by leveraging data-structure differences between an l2tp socket and\n an inet socket (bnc#887082).\n * CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the\n Linux kernel through 3.16.1 allowed local users to cause a denial of\n service (uncontrolled recursion, and system crash or reboot) via a\n crafted iso9660 image with a CL entry referring to a directory entry\n that has a CL entry (bnc#892490).\n * CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local\n users to cause a denial of service (unkillable mount process) via a\n crafted iso9660 image with a self-referential CL entry (bnc#892490).\n * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel\n through 3.17.2 did not properly handle private syscall numbers\n during use of the ftrace subsystem, which allowed local users to\n gain privileges or cause a denial of service (invalid pointer\n dereference) via a crafted application (bnc#904013).\n * CVE-2014-7841: The sctp_process_param function in\n net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux\n kernel before 3.17.4, when ASCONF is used, allowed remote attackers\n to cause a denial of service (NULL pointer dereference and system\n crash) via a malformed INIT chunk (bnc#905100).\n * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 3.17.4 allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application that performs an\n MMIO transaction or a PIO transaction to trigger a guest userspace\n emulation error report, a similar issue to CVE-2010-5313\n (bnc#905312).\n * CVE-2014-8134: The paravirt_ops_setup function in\n arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an\n improper paravirt_enabled setting for KVM guest kernels, which made\n it easier for guest OS users to bypass the ASLR protection mechanism\n via a crafted application that reads a 16-bit value (bnc#909078).\n * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.17.2 miscalculates the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to cause a denial of service (host OS page unpinning) or\n possibly have unspecified other impact by leveraging guest OS\n privileges. NOTE: this vulnerability exists because of an incorrect\n fix for CVE-2014-3601 (bnc#902675).\n * CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux\n kernel through 3.17.2 did not properly maintain the semantics of\n rename_lock, which allowed local users to cause a denial of service\n (deadlock and system hang) via a crafted application (bnc#903640).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a\n length value in the Extensions Reference (ER) System Use Field,\n which allowed local users to obtain sensitive information from\n kernel memory via a crafted iso9660 image (bnc#912654).\n * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel through 3.18.2 did not properly choose memory locations\n for the vDSO area, which made it easier for local users to bypass\n the ASLR protection mechanism by guessing a location at the end of a\n PMD (bnc#912705).\n\n The following non-security bugs have been fixed:\n\n * Fix HDIO_DRIVE_* ioctl() Linux 3.9 regression (bnc#833588,\n bnc#905799).\n * HID: add usage_index in struct hid_usage (bnc#835839).\n * Revert PM / reboot: call syscore_shutdown() after\n disable_nonboot_cpus() Reduce time to shutdown large machines\n (bnc#865442 bnc#907396).\n * Revert kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()\n Reduce time to shutdown large machines (bnc#865442 bnc#907396).\n * dm-mpath: fix panic on deleting sg device (bnc#870161).\n * futex: Unlock hb->lock in futex_wait_requeue_pi() error path (fix\n bnc#880892).\n * handle more than just WS2008 in heartbeat negotiation (bnc#901885).\n * memcg: do not expose uninitialized mem_cgroup_per_node to world\n (bnc#883096).\n * mm: fix BUG in __split_huge_page_pmd (bnc#906586).\n * pagecachelimit: reduce lru_lock congestion for heavy parallel\n reclaim fix (bnc#895680, bnc#907189).\n * s390/3215: fix hanging console issue (bnc#898693, bnc#897995,\n LTC#115466).\n * s390/cio: improve cio_commit_config (bnc#864049, bnc#898693,\n LTC#104168).\n * scsi_dh_alua: disable ALUA handling for non-disk devices\n (bnc#876633).\n * target/rd: Refactor rd_build_device_space + rd_release_device_space.\n * timekeeping: Avoid possible deadlock from clock_was_set_delayed\n (bnc#771619, bnc#915335).\n * xfs: recheck buffer pinned status after push trylock failure\n (bnc#907338).\n * xfs: remove log force from xfs_buf_trylock() (bnc#907338).\n\n Security Issues:\n\n * CVE-2012-4398\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398</a>>\n * CVE-2013-2893\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893</a>>\n * CVE-2013-2897\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897</a>>\n * CVE-2013-2899\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899</a>>\n * CVE-2013-2929\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-0131\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131</a>>\n * CVE-2014-0181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181</a>>\n * CVE-2014-2309\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309</a>>\n * CVE-2014-3181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3186\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186</a>>\n * CVE-2014-3601\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601</a>>\n * CVE-2014-3610\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610</a>>\n * CVE-2014-3646\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646</a>>\n * CVE-2014-3647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n * CVE-2014-3687\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687</a>>\n * CVE-2014-3688\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688</a>>\n * CVE-2014-3690\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690</a>>\n * CVE-2014-4608\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608</a>>\n * CVE-2014-4943\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943</a>>\n * CVE-2014-5471\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471</a>>\n * CVE-2014-5472\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472</a>>\n * CVE-2014-7826\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-7842\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842</a>>\n * CVE-2014-8134\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134</a>>\n * CVE-2014-8369\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369</a>>\n * CVE-2014-8559\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-9584\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584</a>>\n * CVE-2014-9585\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585</a>>\n", "published": "2015-03-11T20:05:42", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", "cvelist": ["CVE-2014-3646", "CVE-2014-8369", "CVE-2014-0131", "CVE-2010-5313", "CVE-2014-8134", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-3688", "CVE-2013-2929", "CVE-2014-7841", "CVE-2014-3647", "CVE-2014-3610", "CVE-2014-4943", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-5472", "CVE-2014-3185", "CVE-2013-2897", "CVE-2014-8559", "CVE-2014-3601", "CVE-2014-2309", "CVE-2013-2899", "CVE-2014-4608", "CVE-2014-9584", "CVE-2013-7263", "CVE-2014-0181", "CVE-2014-3690", "CVE-2012-4398", "CVE-2014-5471", "CVE-2014-7842", "CVE-2014-7826", "CVE-2014-9585", "CVE-2013-2893", "CVE-2014-3184", "CVE-2014-3687"], "lastseen": "2016-09-04T11:50:51"}]}}