Kernel security update: CVE-2017-18017; Virtuozzo ReadyKernel patch 42.0 for Virtuozzo 7.0.4, 7.0.4 HF3, 7.0.5, 7.0.6, and 7.0.6 HF3
2018-01-12T00:00:00
ID: VZA-2018-005
Type: virtuozzo
Reporter: Virtuozzo
Modified: 2018-01-12T00:00:00
Description
The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to Virtuozzo kernels 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4), 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3), 3.10.0-514.26.1.vz7.33.22 (Virtuozzo 7.0.5), 3.10.0-693.1.1.vz7.37.30 (Virtuozzo 7.0.6), and 3.10.0-693.11.6.vz7.40.4 (Virtuozzo 7.0.6 HF3).
Vulnerability id: CVE-2017-18017
If the system uses iptables and has rules with the TCPMSS action, a remote attacker could cause a denial of service (a use-after-free in the tcpmss_mangle_packet function leading to memory corruption) or possibly have unspecified other impact by sending specially crafted network packets.
{"cve": [{"lastseen": "2020-10-03T13:07:40", "description": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-03T06:29:00", "title": "CVE-2017-18017", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18017"], "modified": "2018-11-30T21:31:00", "id": "CVE-2017-18017", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18017", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-06-21T02:42:37", "bulletinFamily": "software", "cvelist": ["CVE-2017-18017"], "description": "\nF5 Product Development has assigned ID 461496 (ARX) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. 
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 13.x | None | Not applicable | Not vulnerable2 | None | None \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | 6.2.0 - 6.4.0 | None | Medium | [5.9](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H>) | Kernel \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable2 | None | None \nBIG-IQ (Cloud, Device, Security, ADC) | 4.x | None | Not applicable | Not vulnerable2 | None | None \nBIG-IQ Centralized Management | 5.x | None | Not applicable | Not vulnerable2 | None | None \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable2 | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable2 | None | None \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable2 | None | None \n4.x | None | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2 The specified products contain the affected code. 
However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**Note**: For details about how Security Advisory articles are versioned, and what versions are listed in the table, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2018-01-17T00:25:00", "published": "2018-01-17T00:25:00", "id": "F5:K18352029", "href": "https://support.f5.com/csp/article/K18352029", "title": "Linux kernel vulnerability CVE-2017-18017", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5333", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017"], "description": "This update provides a new Virtuozzo 6.0 kernel 2.6.32-042stab128.2 that introduces security and stability fixes and is a rebase to the Red Hat Enterprise Linux 6.9 kernel 
2.6.32-696.23.1.el6. This kernel was recompiled by the updated gcc with retpolines support. Retpolines are a technique used by the kernel to reduce overhead of mitigating Spectre Variant 2 attacks described in CVE-2017-5715. In addition, the update features a non-kernel fix for VSTOR-7228.\n**Vulnerability id:** CVE-2018-5332\nIn the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size() function in 'net/rds/rdma.c') and thus to a system panic.\n\n**Vulnerability id:** CVE-2018-5333\nThe rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. This can lead to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic.\n\n**Vulnerability id:** CVE-2017-18017\nThe tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.\n\n", "edition": 1, "modified": "2018-03-26T00:00:00", "published": "2018-03-26T00:00:00", "id": "VZA-2018-017", "href": "https://help.virtuozzo.com/customer/portal/articles/2930690", "title": "Kernel security update: CVE-2017-18017 and other; new kernel 2.6.32-042stab128.2, Virtuozzo 6.0 Update 12 Hotfix 22 (6.0.12-3701)", "type": "virtuozzo", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:28:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5333", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017"], "description": "This update provides a new Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 kernel 2.6.32-042stab128.2 that is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.23.1.el6. 
This kernel was recompiled by the updated gcc with retpolines support. Retpolines are a technique used by the kernel to reduce overhead of mitigating Spectre Variant 2 attacks described in CVE-2017-5715. The kernel also introduces security and stability fixes.\n**Vulnerability id:** CVE-2018-5332\nIn the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size() function in 'net/rds/rdma.c') and thus to a system panic.\n\n**Vulnerability id:** CVE-2018-5333\nThe rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. This can lead to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic.\n\n**Vulnerability id:** CVE-2017-18017\nThe tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.\n\n", "edition": 1, "modified": "2018-03-26T00:00:00", "published": "2018-03-26T00:00:00", "id": "VZA-2018-016", "href": "https://help.virtuozzo.com/customer/portal/articles/2930689", "title": "Kernel security update: CVE-2017-18017 and other; new kernel 2.6.32-042stab128.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:28:19", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15129", "CVE-2017-8824", "CVE-2017-16939", "CVE-2016-5195", "CVE-2017-18017", "CVE-2017-1000405"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. 
The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.42.0.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.42.0.vz7.20.18 (Virtuozzo 7.0.3).\n**Vulnerability id:** CVE-2017-8824\nA vulnerability was found in DCCP socket handling code. dccp_disconnect() set the socket state to DCCP_CLOSED but did not properly free some of the resources associated with that socket. This could result in a use-after-free and could potentially allow an attacker to escalate their privileges.\n\n**Vulnerability id:** CVE-2017-16939\nThe Linux kernel is vulnerable to a use-after-free issue. It could occur while closing a xfrm netlink socket, in xfrm_dump_policy_done. A user/process could use this flaw to potentially escalate their privileges on a system.\n\n**Vulnerability id:** CVE-2017-15129\nThe function get_net_ns_by_id() does not check the net.count value when processing a peer network, which could lead to double free and memory corruption. An unprivileged local user could use this vulnerability to crash the system.\n\n**Vulnerability id:** CVE-2017-18017\nIf the system uses iptables and there are iptables rules with TCPMSS action there, a remote attacker could cause a denial of service (use-after-free in tcpmss_mangle_packet function leading to memory corruption) or possibly have unspecified other impact by sending specially crafted network packets.\n\n**Vulnerability id:** CVE-2017-1000405\nA flaw was found in the patches used to fix the 'Dirty COW' vulnerability (CVE-2016-5195). 
An attacker, able to run local code, could exploit a race condition in transparent huge pages to modify usually read-only huge pages.\n\n", "edition": 1, "modified": "2018-01-12T00:00:00", "published": "2018-01-12T00:00:00", "id": "VZA-2018-004", "href": "https://help.virtuozzo.com/customer/portal/articles/2915392", "title": "Important kernel security update: CVE-2017-8824 and other; Virtuozzo ReadyKernel patch 42.0 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3", "type": "virtuozzo", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-09-14T13:16:24", "description": "The version of Arista Networks EOS running on the remote device is affected by a denial of service (DoS) vulnerability.\nThe tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allows a remote, unauthenticated\nattacker to cause a DoS (use-after-free and memory corruption) or possibly have unspecified other impacts by leveraging\nthe presence of xt_TCPMSS in an iptables action.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-24T00:00:00", "title": "Arista Networks tcpmss_mangle_packet DoS (SA0034)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18017"], "modified": "2020-02-24T00:00:00", "cpe": ["cpe:/o:arista:eos"], "id": "ARISTA_EOS_SA0034.NASL", "href": "https://www.tenable.com/plugins/nessus/133865", "sourceData": "#TRUSTED 
\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133865);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/25\");\n\n script_cve_id(\"CVE-2017-18017\");\n script_bugtraq_id(102367);\n\n script_name(english:\"Arista Networks tcpmss_mangle_packet DoS (SA0034)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Arista Networks EOS running on the remote device is affected by a denial of service (DoS) vulnerability.\nThe tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allows a remote, unauthenticated\nattacker to cause a DoS (use-after-free and memory corruption) or possibly have unspecified other impacts by leveraging\nthe 
presence of xt_TCPMSS in an iptables action.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9d929a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to an Arista Networks EOS version later than 4.20.1FX-Virtual-Router. Alternatively, apply the patch or\nrecommended mitigation referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arista:eos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"arista_eos_detect.nbin\");\n script_require_keys(\"Host/Arista-EOS/Version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('arista_eos_func.inc');\ninclude('audit.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = get_kb_item_or_exit('Host/Arista-EOS/Version');\n\next='SecurityAdvisory0034Hotfix.rpm 1.0.0/1.fc18';\nsha='b708536d77702846079690786c50a65dcaaf39a24f56686bd6e4a90c38483b3e6141ef706ca1b581d0c4438b14f0304dcc366d4cdb5204005b1692ea4a28d2a9';\n\nif(eos_extension_installed(ext:ext, sha:sha))\n exit(0, 'The Arista device is not vulnerable, as a relevant hotfix has been installed.');\n\nvmatrix = make_array();\nvmatrix['misc'] = make_list('4.20.1FX-Virtual-Router');\nvmatrix['fix'] = 'Apply the vendor supplied patch or mitigation or upgrade to a version later than 4.20.1FX-Virtual-Router';\n\nif (eos_is_affected(vmatrix:vmatrix, version:version))\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:eos_report_get());\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'Arista Networks EOS', version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:13:26", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - If the system uses iptables and there are iptables\n rules with TCPMSS action there, a remote attacker could\n cause a denial of service (use-after-free in\n tcpmss_mangle_packet function leading to memory\n corruption) or possibly have unspecified other impact\n by sending specially crafted network packets.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 34, "cvss3": 
{"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-16T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2018-005)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18017"], "modified": "2018-01-16T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2018-005.NASL", "href": "https://www.tenable.com/plugins/nessus/106053", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106053);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-18017\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2018-005)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - If the system uses iptables and there are iptables\n rules with TCPMSS action there, a remote attacker could\n cause a denial of service (use-after-free in\n tcpmss_mangle_packet function leading to memory\n corruption) or possibly have unspecified other impact\n by sending specially crafted network packets.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://help.virtuozzo.com/customer/portal/articles/2915393\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-42.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5bc1909a\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-42.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ca70a61\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-42.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65ccc0cb\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-37.30-42.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e02e2e8c\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-40.4-42.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed1c0dc0\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-42.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.15\",\n \"patch\",\"readykernel-patch-30.15-42.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.26.1.vz7.33.22\",\n \"patch\",\"readykernel-patch-33.22-42.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.1.1.vz7.37.30\",\n \"patch\",\"readykernel-patch-37.30-42.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.11.6.vz7.40.4\",\n \"patch\",\"readykernel-patch-40.4-42.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, 
release:\"Virtuozzo-7\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:12:28", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.3\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software side of\nthe mitigation for this hardware issue. 
To be fully functional,\nup-to-date CPU microcode applied on the system might be required.\nPlease refer to References section for further information about this\nissue, CPU microcode requirements and the potential performance\nimpact.\n\nIn this update, mitigation for PowerPC architecture is provided.\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function\nin net/ netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting\nCVE-2018-3639.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of these bug fixes in this advisory. See the\nbug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/ articles/3461451", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-30T00:00:00", "title": "RHEL 7 : kernel (RHSA-2018:1737) (Spectre)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18017", "CVE-2018-3639"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", 
"p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2018-1737.NASL", "href": "https://www.tenable.com/plugins/nessus/110220", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1737. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110220);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2017-18017\", \"CVE-2018-3639\");\n script_xref(name:\"RHSA\", value:\"2018:1737\");\n script_xref(name:\"IAVA\", value:\"2018-A-0170\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2018:1737) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.3\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An industry-wide issue was found in the way many modern\nmicroprocessor designs have implemented speculative execution of Load\n& Store instructions (a commonly used performance optimization). It\nrelies on the presence of a precisely-defined instruction sequence in\nthe privileged code as well as the fact that memory read from address\nto which a recent memory write has occurred may see an older value and\nsubsequently cause an update into the microprocessor's data cache even\nfor speculatively executed instructions that never actually commit\n(retire). As a result, an unprivileged attacker could use this flaw to\nread privileged memory by conducting targeted cache side-channel\nattacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software side of\nthe mitigation for this hardware issue. 
To be fully functional,\nup-to-date CPU microcode applied on the system might be required.\nPlease refer to References section for further information about this\nissue, CPU microcode requirements and the potential performance\nimpact.\n\nIn this update, mitigation for PowerPC architecture is provided.\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function\nin net/ netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response\nCenter) and Jann Horn (Google Project Zero) for reporting\nCVE-2018-3639.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of these bug fixes in this advisory. See the\nbug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/ articles/3461451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/ssbd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/3461451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-18017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3639\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18017\", \"CVE-2018-3639\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:1737\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1737\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected 
by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"kernel-abi-whitelists-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", 
reference:\"kernel-doc-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"perf-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.51.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n if 
(rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.51.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:45:14", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-118.26.1.el7uek]\n- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric \nDumazet) [Orabug: 27896807] {CVE-2017-18017}\n- scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) \n[Orabug: 27927692] {CVE-2018-7757}", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-09T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4268)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7757", "CVE-2017-18017"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.26.1.el6uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.26.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2018-4268.NASL", "href": "https://www.tenable.com/plugins/nessus/118851", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4268.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(118851);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/27 13:00:39\");\n\n script_cve_id(\"CVE-2017-18017\", \"CVE-2018-7757\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4268)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-118.26.1.el7uek]\n- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric \nDumazet) [Orabug: 27896807] {CVE-2017-18017}\n- scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) \n[Orabug: 27927692] {CVE-2018-7757}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-November/008227.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-November/008228.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.26.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.26.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18017\", \"CVE-2018-7757\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2018-4268\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.26.1.el6uek-0.4.5-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.26.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.26.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.26.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", 
reference:\"kernel-uek-devel-3.8.13-118.26.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.26.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.26.1.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.26.1.el7uek-0.4.5-3.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.26.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.26.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.26.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.26.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.26.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.26.1.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:13:31", 
"description": "According to the versions of the parallels-server-bm-release / etc\npackages installed, the Virtuozzo installation on the remote host is\naffected by the following vulnerabilities :\n\n - In the Linux kernel through 4.14.13, the\n rds_message_alloc_sgs() function does not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size() function in 'net/rds/rdma.c') and\n thus to a system panic.\n\n - The rds_cmsg_atomic() function in 'net/rds/rdma.c'\n mishandles cases where page pinning fails or an invalid\n address is supplied by a user. This can lead to a NULL\n pointer dereference in rds_atomic_free_op() and thus to\n a system panic.\n\n - The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c allows remote attackers to\n cause a denial of service (use-after-free and memory\n corruption) or possibly have unspecified other impact\n by leveraging the presence of xt_TCPMSS in an iptables\n action.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 33, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-27T00:00:00", "title": "Virtuozzo 6 : parallels-server-bm-release / etc (VZA-2018-017)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5333", "CVE-2018-5332", "CVE-2017-18017"], "modified": "2018-03-27T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:pstorage-libs-shared", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:pstorage-ctl", "p-cpe:/a:virtuozzo:virtuozzo:pstorage-metadata-server", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "cpe:/o:virtuozzo:virtuozzo:6", 
"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:pstorage-client", "p-cpe:/a:virtuozzo:virtuozzo:pstorage-chunk-server", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "p-cpe:/a:virtuozzo:virtuozzo:pstorage-iscsi"], "id": "VIRTUOZZO_VZA-2018-017.NASL", "href": "https://www.tenable.com/plugins/nessus/108596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108596);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-18017\",\n \"CVE-2018-5332\",\n \"CVE-2018-5333\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / etc (VZA-2018-017)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release / etc\npackages installed, the Virtuozzo installation on the remote host is\naffected by the following vulnerabilities :\n\n - In the Linux kernel through 4.14.13, the\n rds_message_alloc_sgs() function does not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size() function in 'net/rds/rdma.c') and\n thus to a system panic.\n\n - The rds_cmsg_atomic() function in 'net/rds/rdma.c'\n mishandles cases where page pinning fails or an invalid\n address is supplied by a user. 
This can lead to a NULL\n pointer dereference in rds_atomic_free_op() and thus to\n a system panic.\n\n - The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c allows remote attackers to\n cause a denial of service (use-after-free and memory\n corruption) or possibly have unspecified other impact\n by leveraging the presence of xt_TCPMSS in an iptables\n action.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2930690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHBA-2018:0513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:0169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:0512\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/26\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:pstorage-chunk-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:pstorage-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:pstorage-ctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:pstorage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:pstorage-libs-shared\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:pstorage-metadata-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3701\",\n \"pstorage-chunk-server-6.0.12-8\",\n \"pstorage-client-6.0.12-8\",\n \"pstorage-ctl-6.0.12-8\",\n \"pstorage-iscsi-6.0.12-8\",\n \"pstorage-libs-shared-6.0.12-8\",\n \"pstorage-metadata-server-6.0.12-8\",\n \"vzkernel-2.6.32-042stab128.2\",\n \"vzkernel-devel-2.6.32-042stab128.2\",\n \"vzkernel-firmware-2.6.32-042stab128.2\",\n \"vzmodules-2.6.32-042stab128.2\",\n \"vzmodules-devel-2.6.32-042stab128.2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / etc\");\n}\n", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:53:44", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel before\n 4.14.11. The function get_net_ns_by_id() in\n net/core/net_namespace.c does not check for the\n net::count value after it has found a peer network in\n netns_ids idr, which could lead to double free and\n memory corruption. This vulnerability could allow an\n unprivileged local user to induce kernel memory\n corruption on the system, leading to a crash. Due to\n the nature of the flaw, privilege escalation cannot be\n fully ruled out, although it is thought to be\n unlikely.(CVE-2017-15129)\n\n - The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel before\n 4.11, and 4.9.x before 4.9.36, allows remote attackers\n to cause a denial of service (use-after-free and memory\n corruption) or possibly have unspecified other impact\n by leveraging the presence of xt_TCPMSS in an iptables\n action.(CVE-2017-18017)\n\n - A flaw was found in the upstream kernel Skcipher\n component. This vulnerability affects the\n skcipher_recvmsg function of the component Skcipher.\n The manipulation with an unknown input leads to a\n privilege escalation vulnerability.(CVE-2017-13215)\n\n - In the Linux kernel through 4.14.13, the\n rds_message_alloc_sgs() function does not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size() function in 'net/rds/rdma.c') and\n thus to a system panic. 
Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2018-5332)\n\n - In the Linux kernel through 4.14.13, the\n rds_cmsg_atomic() function in 'net/rds/rdma.c'\n mishandles cases where page pinning fails or an invalid\n address is supplied by a user. This can lead to a NULL\n pointer dereference in rds_atomic_free_op() and thus to\n a system panic.(CVE-2018-5333)\n\n - drivers/input/serio/i8042.c in the Linux kernel before\n 4.12.4 allows attackers to cause a denial of service\n (NULL pointer dereference and system crash) or possibly\n have unspecified other impact because the\n port->exists value can change after it is\n validated.(CVE-2017-18079)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-18T00:00:00", "title": "EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1234)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18079", "CVE-2017-13215", "CVE-2018-5333", "CVE-2017-15129", "CVE-2018-5332", "CVE-2017-18017"], "modified": "2018-09-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1234.NASL", "href": "https://www.tenable.com/plugins/nessus/117543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117543);\n script_version(\"1.9\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13215\",\n \"CVE-2017-15129\",\n \"CVE-2017-18017\",\n \"CVE-2017-18079\",\n \"CVE-2018-5332\",\n \"CVE-2018-5333\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1234)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel before\n 4.14.11. The function get_net_ns_by_id() in\n net/core/net_namespace.c does not check for the\n net::count value after it has found a peer network in\n netns_ids idr, which could lead to double free and\n memory corruption. This vulnerability could allow an\n unprivileged local user to induce kernel memory\n corruption on the system, leading to a crash. Due to\n the nature of the flaw, privilege escalation cannot be\n fully ruled out, although it is thought to be\n unlikely.(CVE-2017-15129)\n\n - The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel before\n 4.11, and 4.9.x before 4.9.36, allows remote attackers\n to cause a denial of service (use-after-free and memory\n corruption) or possibly have unspecified other impact\n by leveraging the presence of xt_TCPMSS in an iptables\n action.(CVE-2017-18017)\n\n - A flaw was found in the upstream kernel Skcipher\n component. 
This vulnerability affects the\n skcipher_recvmsg function of the component Skcipher.\n The manipulation with an unknown input leads to a\n privilege escalation vulnerability.(CVE-2017-13215)\n\n - In the Linux kernel through 4.14.13, the\n rds_message_alloc_sgs() function does not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size() function in 'net/rds/rdma.c') and\n thus to a system panic. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2018-5332)\n\n - In the Linux kernel through 4.14.13, the\n rds_cmsg_atomic() function in 'net/rds/rdma.c'\n mishandles cases where page pinning fails or an invalid\n address is supplied by a user. This can lead to a NULL\n pointer dereference in rds_atomic_free_op() and thus to\n a system panic.(CVE-2018-5333)\n\n - drivers/input/serio/i8042.c in the Linux kernel before\n 4.12.4 allows attackers to cause a denial of service\n (NULL pointer dereference and system crash) or possibly\n have unspecified other impact because the\n port->exists value can change after it is\n validated.(CVE-2017-18079)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1234\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?10ab5c96\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.61.59.66_25\",\n \"kernel-devel-3.10.0-327.61.59.66_25\",\n \"kernel-headers-3.10.0-327.61.59.66_25\",\n \"kernel-tools-3.10.0-327.61.59.66_25\",\n \"kernel-tools-libs-3.10.0-327.61.59.66_25\",\n \"kernel-tools-libs-devel-3.10.0-327.61.59.66_25\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-01-06T09:13:25", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A vulnerability was found in DCCP socket handling code.\n dccp_disconnect() set the socket state to DCCP_CLOSED\n but did not properly free some of the resources\n associated with that socket. This could result in a\n use-after-free and could potentially allow an attacker\n to escalate their privileges.\n\n - The Linux kernel is vulnerable to a use-after-free\n issue. It could occur while closing a xfrm netlink\n socket, in xfrm_dump_policy_done. A user/process could\n use this flaw to potentially escalate their privileges\n on a system.\n\n - The function get_net_ns_by_id() does not check the\n net.count value when processing a peer network, which\n could lead to double free and memory corruption. An\n unprivileged local user could use this vulnerability to\n crash the system.\n\n - If the system uses iptables and there are iptables\n rules with TCPMSS action there, a remote attacker could\n cause a denial of service (use-after-free in\n tcpmss_mangle_packet function leading to memory\n corruption) or possibly have unspecified other impact\n by sending specially crafted network packets.\n\n - A flaw was found in the patches used to fix the 'Dirty\n COW' vulnerability (CVE-2016-5195). 
An attacker, able\n to run local code, could exploit a race condition in\n transparent huge pages to modify usually read-only huge\n pages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 33, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-16T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2018-004)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15129", "CVE-2017-8824", "CVE-2017-16939", "CVE-2016-5195", "CVE-2017-18017", "CVE-2017-1000405"], "modified": "2018-01-16T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2018-004.NASL", "href": "https://www.tenable.com/plugins/nessus/106052", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106052);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-1000405\",\n \"CVE-2017-15129\",\n \"CVE-2017-16939\",\n \"CVE-2017-18017\",\n \"CVE-2017-8824\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2018-004)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A vulnerability was found in DCCP socket handling code.\n 
dccp_disconnect() set the socket state to DCCP_CLOSED\n but did not properly free some of the resources\n associated with that socket. This could result in a\n use-after-free and could potentially allow an attacker\n to escalate their privileges.\n\n - The Linux kernel is vulnerable to a use-after-free\n issue. It could occur while closing a xfrm netlink\n socket, in xfrm_dump_policy_done. A user/process could\n use this flaw to potentially escalate their privileges\n on a system.\n\n - The function get_net_ns_by_id() does not check the\n net.count value when processing a peer network, which\n could lead to double free and memory corruption. An\n unprivileged local user could use this vulnerability to\n crash the system.\n\n - If the system uses iptables and there are iptables\n rules with TCPMSS action there, a remote attacker could\n cause a denial of service (use-after-free in\n tcpmss_mangle_packet function leading to memory\n corruption) or possibly have unspecified other impact\n by sending specially crafted network packets.\n\n - A flaw was found in the patches used to fix the 'Dirty\n COW' vulnerability (CVE-2016-5195). 
An attacker, able\n to run local code, could exploit a race condition in\n transparent huge pages to modify usually read-only huge\n pages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2915392\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-42.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ab3589df\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-42.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e8dcc35e\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-42.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c6312859\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.18.2.vz7.15.2\",\n \"patch\",\"readykernel-patch-15.2-42.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.42.0.vz7.18.7\",\n \"patch\",\"readykernel-patch-18.7-42.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.42.0.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-42.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:11:18", "description": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824,\nImportant)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing\nprivilege escalation (CVE-2017-13166, Important)\n\n* kernel: Incorrect type conversion for size during dma allocation\n(CVE-2017-9725, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port()\n(CVE-2017-15265, Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows\nfor network monitors to observe systemwide activity (CVE-2017-17449,\nModerate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function\nin net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410,\nModerate)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Mohamed Ghannam for reporting\nCVE-2017-8824 and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es) :\n\n* The kernel-rt packages have been upgraded to version\n3.10.0-693.25.2.rt56.612, which provides a number of security and bug\nfixes over the previous version. (BZ#1549731)\n\n* Intel Core X-Series (Skylake) processors use a hard-coded Time Stamp\nCounter (TSC) frequency of 25 MHz. In some cases this can be imprecise\nand lead to timing-related problems such as time drift, timers being\ntriggered early, or TSC clock instability. This update mitigates these\nproblems by no longer using the 'native_calibrate_tsc()' function to\ndefine the TSC frequency. 
Refined calibration is now used to update\nthe clock rate accordingly in these cases. (BZ#1547854)", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-25T00:00:00", "title": "RHEL 6 : MRG (RHSA-2018:1170)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15265", "CVE-2017-8824", "CVE-2017-13166", "CVE-2017-1000410", "CVE-2017-17449", "CVE-2017-9725", "CVE-2017-18017"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "id": "REDHAT-RHSA-2018-1170.NASL", "href": "https://www.tenable.com/plugins/nessus/109335", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1170. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109335);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-1000410\", \"CVE-2017-13166\", \"CVE-2017-15265\", \"CVE-2017-17449\", \"CVE-2017-18017\", \"CVE-2017-8824\", \"CVE-2017-9725\");\n script_xref(name:\"RHSA\", value:\"2018:1170\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2018:1170)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824,\nImportant)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing\nprivilege escalation (CVE-2017-13166, Important)\n\n* kernel: Incorrect type conversion for size during dma allocation\n(CVE-2017-9725, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port()\n(CVE-2017-15265, Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows\nfor network monitors to observe systemwide activity (CVE-2017-17449,\nModerate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function\nin net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)\n\n* kernel: Stack information leak in the EFS element 
(CVE-2017-1000410,\nModerate)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Mohamed Ghannam for reporting\nCVE-2017-8824 and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es) :\n\n* The kernel-rt packages have been upgraded to version\n3.10.0-693.25.2.rt56.612, which provides a number of security and bug\nfixes over the previous version. (BZ#1549731)\n\n* Intel Core X-Series (Skylake) processors use a hard-coded Time Stamp\nCounter (TSC) frequency of 25 MHz. In some cases this can be imprecise\nand lead to timing-related problems such as time drift, timers being\ntriggered early, or TSC clock instability. This update mitigates these\nproblems by no longer using the 'native_calibrate_tsc()' function to\ndefine the TSC frequency. Refined calibration is now used to update\nthe clock rate accordingly in these cases. (BZ#1547854)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-15265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-17449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-18017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-1000410\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000410\", \"CVE-2017-13166\", \"CVE-2017-15265\", \"CVE-2017-17449\", \"CVE-2017-18017\", \"CVE-2017-8824\", \"CVE-2017-9725\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:1170\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1170\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.10.0-693.25.2.rt56.612.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:43:28", "description": "From Red Hat Security Advisory 2018:1319 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution permission faults handling\n(CVE-2017-5754, x86 32-bit)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing\nprivilege escalation (CVE-2017-13166)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function\nin net/netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Google Project Zero for reporting\nCVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski\nfor reporting CVE-2018-8897; Mohamed Ghannam for reporting\nCVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410.\n\nBug 
Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of these bug fixes in this advisory. See the\nbug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/articles/3431591", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-09T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2018-1319) (Meltdown)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5754", "CVE-2017-7645", "CVE-2017-8824", "CVE-2017-13166", "CVE-2017-1000410", "CVE-2018-8897", "CVE-2017-18017"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2018-1319.NASL", "href": "https://www.tenable.com/plugins/nessus/109629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:1319 and \n# Oracle Linux Security Advisory ELSA-2018-1319 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109629);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2017-1000410\", \"CVE-2017-13166\", \"CVE-2017-18017\", \"CVE-2017-5754\", \"CVE-2017-7645\", \"CVE-2017-8824\", \"CVE-2018-8897\");\n script_xref(name:\"RHSA\", value:\"2018:1319\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2018-1319) (Meltdown)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:1319 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution permission faults handling\n(CVE-2017-5754, x86 32-bit)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing\nprivilege escalation (CVE-2017-13166)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function\nin net/netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Google Project Zero for reporting\nCVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski\nfor reporting CVE-2018-8897; Mohamed Ghannam for reporting\nCVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of these bug fixes in this advisory. 
See the\nbug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/articles/3431591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-May/007679.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000410\", \"CVE-2017-13166\", \"CVE-2017-18017\", \"CVE-2017-5754\", \"CVE-2017-7645\", \"CVE-2017-8824\", \"CVE-2018-8897\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2018-1319\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-696.28.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-696.28.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-696.28.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-696.28.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", 
reference:\"kernel-devel-2.6.32-696.28.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-696.28.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-696.28.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-696.28.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-696.28.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-696.28.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:11:35", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution permission faults handling\n(CVE-2017-5754, x86 32-bit)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing\nprivilege escalation (CVE-2017-13166)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function\nin net/netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank Google Project Zero for reporting\nCVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski\nfor reporting CVE-2018-8897; Mohamed Ghannam for reporting\nCVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of these bug fixes in this advisory. 
See the\nbug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/articles/3431591", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-05-09T00:00:00", "title": "RHEL 6 : kernel (RHSA-2018:1319) (Meltdown)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5754", "CVE-2017-7645", "CVE-2017-8824", "CVE-2017-13166", "CVE-2017-1000410", "CVE-2018-8897", "CVE-2017-18017"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686"], "id": "REDHAT-RHSA-2018-1319.NASL", "href": "https://www.tenable.com/plugins/nessus/109634", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1319. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109634);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-1000410\", \"CVE-2017-13166\", \"CVE-2017-18017\", \"CVE-2017-5754\", \"CVE-2017-7645\", \"CVE-2017-8824\", \"CVE-2018-8897\");\n script_xref(name:\"RHSA\", value:\"2018:1319\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:1319) (Meltdown)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution permission faults handling\n(CVE-2017-5754, x86 32-bit)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing\nprivilege escalation (CVE-2017-13166)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function\nin net/netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the 
References section.\n\nRed Hat would like to thank Google Project Zero for reporting\nCVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski\nfor reporting CVE-2018-8897; Mohamed Ghannam for reporting\nCVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es) :\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of these bug fixes in this advisory. See the\nbug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/articles/3431591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/pop_ss\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/3431591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-18017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-1000410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-8897\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected 
packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000410\", \"CVE-2017-13166\", \"CVE-2017-18017\", \"CVE-2017-5754\", \"CVE-2017-7645\", \"CVE-2017-8824\", \"CVE-2018-8897\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:1319\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1319\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : 
SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"kernel-debuginfo-common-i686-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-696.28.1.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-696.28.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:35", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18017", "CVE-2018-3639"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). 
It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system might be required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.\n\nIn this update, mitigation for PowerPC architecture is provided.\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.\n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. 
See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3461451", "modified": "2018-05-29T22:04:08", "published": "2018-05-29T21:59:32", "id": "RHSA-2018:1737", "href": "https://access.redhat.com/errata/RHSA-2018:1737", "type": "redhat", "title": "(RHSA-2018:1737) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000410", "CVE-2017-13166", "CVE-2017-18017", "CVE-2017-5754", "CVE-2017-7645", "CVE-2017-8824", "CVE-2018-8897"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution permission faults handling (CVE-2017-5754, x86 32-bit)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Google Project Zero for reporting CVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897; Mohamed Ghannam for reporting CVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. 
See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3431591", "modified": "2018-06-07T18:22:27", "published": "2018-05-08T21:59:26", "id": "RHSA-2018:1319", "href": "https://access.redhat.com/errata/RHSA-2018:1319", "type": "redhat", "title": "(RHSA-2018:1319) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000410", "CVE-2017-13166", "CVE-2017-15265", "CVE-2017-17449", "CVE-2017-18017", "CVE-2017-8824", "CVE-2017-9725"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)\n\n* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Mohamed Ghannam for reporting CVE-2017-8824 and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to version 3.10.0-693.25.2.rt56.612, which provides a number of security and bug fixes 
over the previous version. (BZ#1549731)\n\n* Intel Core X-Series (Skylake) processors use a hardcoded Time Stamp Counter (TSC) frequency of 25 MHz. In some cases this can be imprecise and lead to timing-related problems such as time drift, timers being triggered early, or TSC clock instability. This update mitigates these problems by no longer using the \"native_calibrate_tsc()\" function to define the TSC frequency. Refined calibration is now used to update the clock rate accordingly in these cases. (BZ#1547854)", "modified": "2018-06-07T18:14:51", "published": "2018-04-17T18:55:13", "id": "RHSA-2018:1170", "href": "https://access.redhat.com/errata/RHSA-2018:1170", "type": "redhat", "title": "(RHSA-2018:1170) Important: kernel-rt security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000252", "CVE-2017-1000410", "CVE-2017-13166", "CVE-2017-15265", "CVE-2017-17449", "CVE-2017-18017", "CVE-2017-8824", "CVE-2017-9725"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)\n\n* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)\n\n* kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)\n\n* kernel: Stack information leak in the EFS element 
(CVE-2017-1000410, Moderate)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Mohamed Ghannam for reporting CVE-2017-8824; Jan H. Sch\u00f6nherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/articles/3411331", "modified": "2018-04-17T19:12:16", "published": "2018-04-17T18:31:22", "id": "RHSA-2018:1130", "href": "https://access.redhat.com/errata/RHSA-2018:1130", "type": "redhat", "title": "(RHSA-2018:1130) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3672", "CVE-2016-7913", "CVE-2016-8633", "CVE-2017-1000252", "CVE-2017-1000407", "CVE-2017-1000410", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-13166", "CVE-2017-13305", "CVE-2017-14140", "CVE-2017-15116", "CVE-2017-15121", "CVE-2017-15126", "CVE-2017-15127", "CVE-2017-15129", "CVE-2017-15265", "CVE-2017-15274", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17558", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18270", "CVE-2017-5754", "CVE-2017-7294", "CVE-2017-8824", "CVE-2017-9725", "CVE-2018-1000004", "CVE-2018-5750", "CVE-2018-6927"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power)\n\n* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, 
Important)\n\n* Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)\n\n* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate)\n\n* kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate)\n\n* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate)\n\n* kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate)\n\n* kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)\n\n* kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)\n\n* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate)\n\n* kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)\n\n* Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)\n\n* 
kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate)\n\n* kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate)\n\n * kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low)\n\nRed Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Google Project Zero for reporting CVE-2017-5754; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Sch\u00f6nherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat).\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.", "modified": "2018-10-16T14:49:15", "published": "2018-04-10T12:33:10", "id": "RHSA-2018:1062", "href": "https://access.redhat.com/errata/RHSA-2018:1062", "type": "redhat", "title": "(RHSA-2018:1062) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3672", "CVE-2016-7913", "CVE-2016-8633", "CVE-2017-1000252", "CVE-2017-1000407", "CVE-2017-1000410", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-13166", "CVE-2017-13305", "CVE-2017-14140", "CVE-2017-15116", "CVE-2017-15121", 
"CVE-2017-15126", "CVE-2017-15127", "CVE-2017-15129", "CVE-2017-15265", "CVE-2017-15274", "CVE-2017-17053", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17558", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-7294", "CVE-2017-8824", "CVE-2017-9725", "CVE-2018-1000004", "CVE-2018-5750", "CVE-2018-6927"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)\n\n* Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)\n\n* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate)\n\n* kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate)\n\n* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate)\n\n* kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate)\n\n* kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)\n\n* kernel: Incorrect handling in arch/x86/include/asm/mmu_context.h:init_new_context function allowing use-after-free (CVE-2017-17053, Moderate)\n\n* kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, 
Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)\n\n* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate)\n\n* kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)\n\n* Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)\n\n* kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate)\n\n* kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate)\n\n* kernel: unlimiting the stack disables ASLR (CVE-2016-3672, Low)\n\n* kernel: Missing permission check in move_pages system call (CVE-2017-14140, Low)\n\n* kernel: Null pointer dereference in rngapi_reset function (CVE-2017-15116, Low)\n\n* kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c (CVE-2017-15127, Low)\n\n* kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact (CVE-2018-6927, Low)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; 
Kirill Tkhai for reporting CVE-2017-15129; Jan H. Sch\u00f6nherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat).\n\nAdditional Changes:\n\nSee the Red Hat Enterprise Linux 7.5 Release Notes linked from References.", "modified": "2018-10-16T15:10:16", "published": "2018-04-10T08:58:26", "id": "RHSA-2018:0676", "href": "https://access.redhat.com/errata/RHSA-2018:0676", "type": "redhat", "title": "(RHSA-2018:0676) Important: kernel-rt security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7757", "CVE-2017-18017"], "description": "kernel-uek\n[3.8.13-118.26.1]\n- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896807] {CVE-2017-18017}\n- scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) [Orabug: 27927692] {CVE-2018-7757}", "edition": 2, "modified": "2018-11-08T00:00:00", "published": "2018-11-08T00:00:00", "id": "ELSA-2018-4268", "href": "http://linux.oracle.com/errata/ELSA-2018-4268.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5754", "CVE-2017-7645", "CVE-2017-8824", "CVE-2017-13166", "CVE-2017-1000410", "CVE-2018-8897", "CVE-2017-18017"], "description": "[2.6.32-696.28.1.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-696.28.1]\n- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1567078 1567079] {CVE-2018-8897}\n- [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1569141 1568241]\n[2.6.32-696.27.1]\n- [mm] account skipped entries to avoid 
looping in find_get_pages (Dave Wysochanski) [1565989 1559386]\n- [x86] pti/32: Don't use trampoline stack on Xen PV (Waiman Long) [1568327 1562725]\n- [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1568327 1562725]\n- [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1568327 1562725]\n- [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1568327 1562725]\n- [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1568327 1562725]\n- [x86] entry: Remove extra argument in call instruction (Waiman Long) [1568332 1562552]\n- [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1568332 1562552]\n- [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1568535 1558845]\n- [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1568535 1558845]\n- [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1568535 1558845]\n- [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1568535 1558845]\n- [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1568535 1558845]\n[2.6.32-696.26.1]\n- [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1557477 1520860]\n- [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1561441 1557562] {CVE-2017-5754}\n- [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] 
retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Handle debug exception similar to 
NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Restore segments before int registers (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Unshare NMI return path (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] syscall: change 
ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n- [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1553283 1550599] {CVE-2017-5754}\n[2.6.32-696.25.1]\n- [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1557896 1535024]\n- [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1557896 1535024]\n- [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1557896 1535024]\n- [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1557896 1535024]\n- [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520818 1520817] {CVE-2017-8824}\n- [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447640 1447641] {CVE-2017-7645}\n- [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1552706 1437991]\n- [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1551471 1495167]\n- [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1551471 1495167]\n- [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1540481 1538340]\n- [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1538654 1408108]\n- [s390] fix transactional execution control register handling (Hendrik Brueckner) [1538591 1520862]\n- [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1538586 1518669]\n- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548429 1548432] {CVE-2017-13166}\n- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548429 1548432] {CVE-2017-13166}\n- [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543089 1543091] {CVE-2017-18017}\n- [net] netfilter: xt_TCPMSS: 
fix handling of malformed TCP header and options (Florian Westphal) [1543089 1543091] {CVE-2017-18017}\n- [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543089 1543091] {CVE-2017-18017}\n- [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519627 1519626] {CVE-2017-1000410}\n[2.6.32-696.24.1]\n- [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1551475 1212959]\n- [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1551475 1212959]\n- [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1551475 1212959]\n- [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1551475 1212959]\n- [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1551475 1212959]\n- [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1550103 1532167]", "edition": 4, "modified": "2018-05-08T00:00:00", "published": "2018-05-08T00:00:00", "id": "ELSA-2018-1319", "href": "http://linux.oracle.com/errata/ELSA-2018-1319.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7616", "CVE-2017-8824", "CVE-2018-1130", "CVE-2018-10087", "CVE-2017-18017", "CVE-2018-10124", "CVE-2018-5803", "CVE-2017-11600"], "description": "[4.1.12-124.17.1]\n- block: update integrity interval after queue limits change (Ritika Srivastava) [Orabug: 27586756] \n- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130}\n- net/rds: Implement ARP flushing correctly (Hakon Bugge) [Orabug: 28219857] \n- net/rds: Fix incorrect bigger vs. 
smaller IP address check (Hakon Bugge) [Orabug: 28236599] \n- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256391] \n- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28256487] {CVE-2017-11600} {CVE-2017-11600}\n[4.1.12-124.16.6]\n- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400] \n- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242475] {CVE-2017-7616}\n- xhci: Fix USB3 NULL pointer dereference at logical disconnect. (Mathias Nyman) [Orabug: 27426023] \n- mlx4_core: restore optimal ICM memory allocation (Eric Dumazet) [Orabug: 27718303] \n- mlx4_core: allocate ICM memory in page size chunks (Qing Huang) [Orabug: 27718303] \n- kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28078687] {CVE-2018-10124}\n- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini Varadhan) [Orabug: 28085214] \n- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032] \n- net/rds: Fix bug in failover_group parsing (Hakon Bugge) [Orabug: 28198749] \n- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240074] {CVE-2018-5803}\n[4.1.12-124.16.5]\n- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896802] {CVE-2017-18017}\n- kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778] {CVE-2018-10087}\n- x86/bugs/module: Provide retpoline_modules_only parameter to fail non-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992]", "edition": 4, "modified": "2018-07-10T00:00:00", "published": "2018-07-10T00:00:00", "id": "ELSA-2018-4161", "href": "http://linux.oracle.com/errata/ELSA-2018-4161.html", "title": 
"Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10021", "CVE-2017-18079", "CVE-2017-14051", "CVE-2017-17450", "CVE-2018-1000004", "CVE-2018-7755", "CVE-2017-17805", "CVE-2014-9728", "CVE-2018-5848", "CVE-2018-7757", "CVE-2018-18710", "CVE-2018-1000204", "CVE-2018-7995", "CVE-2015-7837", "CVE-2016-3841", "CVE-2017-18017", "CVE-2018-9516", "CVE-2018-10902", "CVE-2017-13168", "CVE-2018-1092", "CVE-2016-3713", "CVE-2017-17806"], "description": "kernel-uek\n[3.8.13-118.29.1]\n- Copy secure_boot flag in boot params across kexec reboot (Dave Young) [Orabug: 22066352] {CVE-2015-7837}\n- ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841}\n- ipv6: add complete rcu protection around np->opt (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841}\n- scsi: qla2xxx: Fix an integer overflow in sysfs code (Dan Carpenter) [Orabug: 28220420] {CVE-2017-14051}\n- ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 28220433] {CVE-2018-1092} {CVE-2018-1092}\n- certs: Add Oracle's new X509 cert into the kernel keyring (Eric Snowberg) [Orabug: 28926205] \n- ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005190] {CVE-2018-1000004}\n- netfilter: xt_osf: Add missing permission checks (Kevin Cernekee) [Orabug: 29037832] {CVE-2017-17450}\n- wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 29060697] {CVE-2018-5848}\n- HID: debug: check length before copy_to_user() (Daniel Rosenberg) [Orabug: 29128167] {CVE-2018-9516}\n- x86/MCE: Serialize sysfs changes (Seunghun Han) [Orabug: 29152249] {CVE-2018-7995}\n- Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152329] {CVE-2017-18079}", "edition": 2, "modified": "2019-01-04T00:00:00", "published": "2019-01-04T00:00:00", "id": "ELSA-2019-4316", 
"href": "http://linux.oracle.com/errata/ELSA-2019-4316.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5754", "CVE-2017-17558", "CVE-2016-8633", "CVE-2018-1000004", "CVE-2017-15265", "CVE-2017-7518", "CVE-2017-18203", "CVE-2017-1000252", "CVE-2018-6927", "CVE-2017-15129", "CVE-2017-7294", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-13166", "CVE-2017-1000407", "CVE-2017-15126", "CVE-2017-17053", "CVE-2017-15116", "CVE-2017-1000410", "CVE-2017-17449", "CVE-2017-9725", "CVE-2016-7913", "CVE-2017-15127", "CVE-2018-5750", "CVE-2017-15121", "CVE-2017-18017", "CVE-2017-12154", "CVE-2016-3672", "CVE-2017-12190"], "description": "- [3.10.0-862.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-862]\n- [netdrv] i40e: Fix attach VF to VM issue (Stefan Assmann) [1528123]\n- [netdrv] ixgbevf: Add check for ixgbe_mbox_api_13 to ixgbevf_probe when setting max_mtu (Ken Cox) [1556696]\n- [md] dm btree: fix serious bug in btree_split_beneath() (Mike Snitzer) [1557849]\n- [x86] pti: Disable PTI user page table update in EFI virtual mode (Waiman Long) [1540061]\n[3.10.0-861]\n- [netdrv] tg3: prevent scheduling while atomic splat (Jonathan Toppins) [1554590]\n- [nvme] validate admin queue before unquiesce (David Milburn) [1549733]\n[3.10.0-860]\n- [acpi] sbshc: remove raw pointer from printk() message (Baoquan He) [1547009] {CVE-2018-5750}\n- [fs] gfs2: fixes to 'implement iomap for block_map' (Andreas Grunbacher) [1542594]\n- [x86] kvm: svm: disable virtual GIF and VMLOAD/VMSAVE (Paolo Bonzini) [1552090]\n[3.10.0-859]\n- [media] v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548430] 
{CVE-2017-13166}\n- [kernel] futex: Prevent overflow by strengthen input validation (Joe Lawrence) [1547585] {CVE-2018-6927}\n- [fs] Revert dcache_readdir back to ->readdir() ('Eric W. Biederman') [1525541]\n- [md] dm-raid: fix incorrect sync_ratio when degraded (Mike Snitzer) [1547979]\n- [mm] page_alloc: fix memmap_init_zone pageblock alignment (Daniel Vacek) [1525121]\n- [mm] revert kvmalloc: stress the vmalloc path in the debugging kernel (Jeff Moyer) [1550094]\n- [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio Oliveira) [1543067]\n- [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio Oliveira) [1543067]\n- [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1543067]\n- [x86] kvm: vmx: Cache IA32_DEBUGCTL in memory (Paolo Bonzini) [1537379]\n- [x86] spec_ctrl: avoid rmb() on full retpoline kernels (Paolo Bonzini) [1537379]\n- [x86] spec_ctrl: replace boot_cpu_has with a static key for IBRS checks (Paolo Bonzini) [1537379]\n- [x86] spec_ctrl: actually use static key for retpolines (Paolo Bonzini) [1537379]\n- [x86] kvm: vmx: optimize IBRS handling at vmenter/vmexit (Paolo Bonzini) [1537379]\n- [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1537379]\n- [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1537379]\n- [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1537379]\n- [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1537379]\n- [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1537379]\n- [x86] kvm: Add IBPB support (Paolo Bonzini) [1537379]\n- [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1537379]\n- [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1537379]\n- [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1537379]\n- [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1537379]\n- [x86] kvm: nvmx: single function for switching 
between vmcs (Paolo Bonzini) [1537379]\n- [x86] kvm: Update the reverse_cpuid list to include CPUID_7_EDX (Paolo Bonzini) [1537379]\n- [x86] cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Paolo Bonzini) [1537379]\n- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Paolo Bonzini) [1537379]\n- [x86] cpufeatures: Add Intel feature bits for Speculation Control (Paolo Bonzini) [1537379]\n- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Paolo Bonzini) [1537379]\n- [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Paolo Bonzini) [1537379]\n- [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Paolo Bonzini) [1537379]\n[3.10.0-858]\n- [tools] revert perf: Fix swap for samples with raw data (Jiri Olsa) [1458228]\n- [netdrv] ibmvnic: Fix early release of login buffer (Desnes Augusto Nunes do Rosario) [1545578]\n- [netdrv] ibmvnic: Clean RX pool buffers during device close (Desnes Augusto Nunes do Rosario) [1545578]\n- [netdrv] ibmvnic: Free RX socket buffer in case of adapter error (Desnes Augusto Nunes do Rosario) [1545578]\n- [netdrv] ibmvnic: Fix NAPI structures memory leak (Desnes Augusto Nunes do Rosario) [1545578]\n- [netdrv] ibmvnic: Fix login buffer memory leaks (Desnes Augusto Nunes do Rosario) [1545578]\n- [netdrv] ibmvnic: Wait until reset is complete to set carrier on (Desnes Augusto Nunes do Rosario) [1545578]\n- [block] disable runtime-pm for blk-mq (Ming Lei) [1548269]\n- [mm] revert memcontrol: fix cgroup creation failure after many small jobs (Aristeu Rozanski) [1548593 1517028]\n- [mm] revert cgroup: kill css_id (Aristeu Rozanski) [1548593 1517028]\n[3.10.0-857]\n- [media] v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548430] {CVE-2017-13166}\n- [sound] alsa: seq: Fix use-after-free at creating a port (CVE-2017-15265) (Jaroslav Kysela) [1503381] {CVE-2017-15265}\n- [gpu] drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE (Rob Clark) [1546022]\n- [edac] disable only ghes_edac by 
default (Aristeu Rozanski) [1543078]\n- [edac] ghes: Model a single, logical memory controller (Aristeu Rozanski) [1543078]\n- [fs] cifs: release cifs root_cred after exit_cifs (Leif Sahlberg) [1525874]\n- [fs] gfs2: Fix fallocate chunk size (Andreas Grunbacher) [1545329]\n- [fs] gfs2: Fixes to 'Implement iomap for block_map' (Andreas Grunbacher) [1542594]\n- [fs] gfs2: Clean up (lookup,fillup)_metapath (Andreas Grunbacher) [1542594]\n- [fs] iomap: warn on zero-length mappings (Andreas Grunbacher) [1542594]\n- [md] raid0: remove blank line printk from dump_zones() (John Pittman) [1534272]\n- [md] dm: use blkdev_get rather than bdgrab when issuing pass-through ioctl (Mike Snitzer) [1513037]\n- [mm] kvmalloc: stress the vmalloc path in the debugging kernel (Mikulas Patocka) [1523567]\n- [mm] fs: rework do_invalidatepage (Eric Sandeen) [1546079]\n- [net] netfilter: fix NULL ptr dereference in nf_send_reset() (Paolo Abeni) [1546148]\n[3.10.0-856]\n- [infiniband] ipoib: Add ipoib_enhanced module parameter (Slava Shwartsman) [1533013]\n- [netdrv] ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (Desnes Augusto Nunes do Rosario) [1544356]\n- [netdrv] ibmvnic: Reset long term map ID counter (Desnes Augusto Nunes do Rosario) [1544356]\n- [netdrv] ibmvnic: queue reset when CRQ gets closed during reset (Desnes Augusto Nunes do Rosario) [1544356]\n- [netdrv] ibmvnic: Ensure that buffers are NULL after free (Desnes Augusto Nunes do Rosario) [1544356]\n- [netdrv] ibmvnic: Fix rx queue cleanup for non-fatal resets (Desnes Augusto Nunes do Rosario) [1544356]\n- [netdrv] ibmvnic: fix empty firmware version and errors cleanup (Desnes Augusto Nunes do Rosario) [1544356]\n- [netdrv] ibmvnic: fix firmware version when no firmware level has been provided by the VIOS server (Desnes Augusto Nunes do Rosario) [1544356]\n- [netdrv] mlx5e: Fix offloading of E-Switch TC pedit actions (Slava Shwartsman) [1545640]\n- [netdrv] qed: Correct setting the number of completion queues for FCoE 
functions (Chad Dupuis) [1542188]\n- [netdrv] ixgbe: fix crash in build_skb Rx code path (Ken Cox) [1520428]\n- [netdrv] tg3: APE heartbeat changes (Jonathan Toppins) [1546217]\n- [powerpc] pseries/vio: Dispose of virq mapping on vdevice unregister (Gustavo Duarte) [1544009]\n- [s390] qeth: fix underestimated count of buffer elements (Hendrik Brueckner) [1544698]\n- [x86] kvm: fix singlestepping over syscall (Paolo Bonzini) [1464481] {CVE-2017-7518}\n- [x86] paravirt: fix kabi breakage in pv_mmu_ops (Jeff Moyer) [1546027]\n- [x86] uaccess: introduce copy_from_iter_flushcache for pmem / cache-bypass operations (Jeff Moyer) [1471678]\n[3.10.0-855]\n- [crypto] algif_skcipher: Remove custom release parent function (Bruno Eduardo de Oliveira Meneguele) [1529441]\n- [crypto] algif_hash: Remove custom release parent function (Bruno Eduardo de Oliveira Meneguele) [1537376]\n- [mailbox] pcc: Drop uninformative output during boot (Kazuhito Hagio) [1515571]\n- [edac] skx_edac: Fix detection of single-rank DIMMs (Aristeu Rozanski) [1482248]\n- [md] free unused memory after bitmap resize (Nigel Croxon) [1532767]\n- [fs] sunrpc: ensure correct error is reported by xs_tcp_setup_socket() (Steve Dickson) [1536582]\n- [fs] Revert 'fixing infinite OPEN loop in 4.0 stateid recovery' (Steve Dickson) [1542191]\n- [scsi] use 'scsi_device_from_queue()' for scsi_dh (Mike Snitzer) [1546212]\n- [scsi] dh: add a common helper to get a scsi_device from a request_queue (Mike Snitzer) [1546212]\n- [scsi] qedi: Drop cqe response during connection recovery (Chad Dupuis) [1543503]\n- [scsi] qedi: Fix a possible sleep-in-atomic bug in qedi_process_tmf_resp (Chad Dupuis) [1543503]\n- [scsi] qla4xxx: skip error recovery in case of register disconnect (Himanshu Madhani) [1541766]\n- [x86] spectre: fix the kernel build without CONFIG_RETPOLINE (Josh Poimboeuf) [1543939]\n[3.10.0-854]\n- [tools] perf: Fix swap for samples with raw data (Jiri Olsa) [1458228]\n- [alsa] hda/realtek: Enable Thinkpad Dock 
device for ALC298 platform (Jaroslav Kysela) [1469623]\n- [crypto] rng: prevent entry into drbg test path from algif_rng (Bruno Eduardo de Oliveira Meneguele) [1485815]\n- [net] macvtap: add namespace support to the sysfs device class (Davide Caratti) [1544499]\n- [net] sched: cls_u32: fix cls_u32 on filter replace (Ivan Vecera) [1542013]\n- [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543088] {CVE-2017-18017}\n[3.10.0-853]\n- [sound] alsa: seq: Make ioctls race-free (CVE-2018-1000004) (Jaroslav Kysela) [1537203] {CVE-2018-1000004}\n- [gpu] drm/i915/gvt: move write protect handler out of mmio emulation function (Paul Lai) [1525419]\n- [gpu] drm/i915/gvt: Factor intel_vgpu_page_track (Paul Lai) [1525419]\n- [fs] xfs: eliminate duplicate icreate tx reservation functions (Brian Foster) [1397653]\n- [fs] xfs: refactor inode chunk alloc/free tx reservation (Brian Foster) [1397653]\n- [fs] xfs: include an allocfree res for inobt modifications (Brian Foster) [1397653]\n- [fs] xfs: truncate transaction does not modify the inobt (Brian Foster) [1397653]\n- [fs] xfs: fix up agi unlinked list reservations (Brian Foster) [1397653]\n- [fs] xfs: include inobt buffers in ifree tx log reservation (Brian Foster) [1397653]\n- [fs] xfs: print transaction log reservation on overrun (Brian Foster) [1397653]\n- [fs] xfs: dump transaction usage details on log reservation overrun (Brian Foster) [1397653]\n- [fs] xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (Brian Foster) [1397653]\n- [fs] xfs: separate shutdown from ticket reservation print helper (Brian Foster) [1397653]\n- [s390] gs: add compat regset for the guarded storage broadcast control block (Hendrik Brueckner) [1537067]\n- [x86] intel_rdt/cqm: avoid negative static key counts (Joe Lawrence) [1524901]\n- [x86] efi: Fix boot crash by always mapping boot service regions into new EFI page tables (Lenny Szubowicz) [1535243]\n[3.10.0-852]\n- [netdrv] bnxt_en: Fix the 
'Invalid VF' id check in bnxt_vf_ndo_prep routine (Jonathan Toppins) [1532863]\n- [netdrv] bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc() (Jonathan Toppins) [1532863]\n- [netdrv] bnxt_en: Fix sources of spurious netpoll warnings (Jonathan Toppins) [1532863]\n- [mm] memcg, slab: do not destroy children caches if parent has aliases (Aristeu Rozanski) [1502818]\n- [mm] memcg, slab: fix races in per-memcg cache creation/destruction (Aristeu Rozanski) [1502818]\n- [mm] memcg, slab: clean up memcg cache initialization/destruction (Aristeu Rozanski) [1502818]\n- [mm] memcg, slab: kmem_cache_create_memcg(): fix memleak on fail path (Aristeu Rozanski) [1502818]\n- [block] Invalidate cache on discard v2 (Ming Lei) [1515920]\n- [x86] mm: Fix use-after-free of ldt_struct (Oleg Nesterov) [1543352] {CVE-2017-17053}\n[3.10.0-851]\n- [kernel] acct.c: fix the acct->needcheck check in check_free_space() (Oleg Nesterov) [1520791]\n- [mm] pm/hibernate: touch NMI watchdog when creating snapshot (Aristeu Rozanski) [1487022]\n- [mm] userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1531285]\n- [block] blk-mq: Take tagset lock when updating hw queues (Ming Lei) [1528644]\n- [kernel] genirq/affinity: avoid deadlock in pci_alloc_irq_vectors_affinity (Ming Lei) [1528644]\n- [block] blk-mq: avoid IO hang during CPU hotplug by freezing queues in order (Ming Lei) [1528644]\n- [nvme] kick requeue list when requeueing a request instead of when starting the queues (Ming Lei) [1528644]\n- [scsi] dual scan thread bug fix (Ewan Milne) [1509331]\n- [scsi] fix our current target reap infrastructure (Ewan Milne) [1509331]\n- [s390] crypto: fix aes/paes Kconfig dependeny (Hendrik Brueckner) [1538139]\n- [s390] mm: fix BUG_ON in crst_table_upgrade (Hendrik Brueckner) [1500580]\n- [x86] paravirt: Remove 'noreplace-paravirt' cmdline option (Josh Poimboeuf) [1538911]\n- [x86] microcode/amd: Add support for fam17h microcode loading (Suravee 
Suthikulpanit) [1540104]\n- [x86] Use __nostackprotect for sme_encrypt_kernel (Suravee Suthikulpanit) [1540104]\n- [x86] mm: Encrypt the initrd earlier for BSP microcode update (Suravee Suthikulpanit) [1540104]\n- [x86] mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption (Suravee Suthikulpanit) [1540104]\n- [x86] mm: Centralize PMD flags in sme_encrypt_kernel() (Suravee Suthikulpanit) [1540104]\n- [x86] mm: Use a struct to reduce parameters for SME PGD mapping (Suravee Suthikulpanit) [1540104]\n- [x86] mm: Clean up register saving in the __enc_copy() assembly code (Suravee Suthikulpanit) [1540104]\n[3.10.0-850]\n- [crypto] chelsio - Check error code with IS_ERR macro (Arjun Vynipadath) [1542351]\n- [crypto] chelsio - Use x8_ble gf multiplication to calculate IV (Arjun Vynipadath) [1542351]\n- [crypto] gf128mul - The x8_ble multiplication functions (Arjun Vynipadath) [1542351]\n- [crypto] gf128mul - rename the byte overflow tables (Arjun Vynipadath) [1542351]\n- [crypto] gf128mul - remove xx() macro (Arjun Vynipadath) [1542351]\n- [crypto] chelsio - Fix memory leak (Arjun Vynipadath) [1542351]\n- [scsi] libcxgbi: use GFP_ATOMIC in cxgbi_conn_alloc_pdu() (Arjun Vynipadath) [1541085]\n- [infiniband] iw_cxgb4: remove the stid on listen create failure (Arjun Vynipadath) [1541085]\n- [infiniband] iw_cxgb4: when flushing, complete all wrs in a chain (Arjun Vynipadath) [1541085]\n- [infiniband] iw_cxgb4: reflect the original WR opcode in drain cqes (Arjun Vynipadath) [1541085]\n- [infiniband] iw_cxgb4: Only validate the MSN for successful completions (Arjun Vynipadath) [1541085]\n- [infiniband] iw_cxgb4: only insert drain cqes if wq is flushed (Arjun Vynipadath) [1541085]\n- [infiniband] iw_cxgb4: put ep reference in pass_accept_req() (Arjun Vynipadath) [1541085]\n- [netdrv] be2net: restore properly promisc mode after queues reconfiguration (Ivan Vecera) [1535897]\n- [netdrv] ixgbe: Set DMA attributes individually (Ken Cox) [1536455]\n- [netdrv] iwlwifi: mvm: fix 
security bug in PN checking (Stanislaw Gruszka) [1538028]\n- [netdrv] ibmvnic: Wait for device response when changing MAC (Desnes Augusto Nunes do Rosario) [1540838]\n- [netdrv] ibmvnic: Dont handle RX interrupts when not up (Desnes Augusto Nunes do Rosario) [1532345]\n- [netdrv] ibmvnic: Fix pending MAC address changes (Desnes Augusto Nunes do Rosario) [1535368]\n- [netdrv] ibmvnic: Include header descriptor support for ARP packets (Desnes Augusto Nunes do Rosario) [1529748]\n- [netdrv] ibmvnic: Increase maximum number of RX/TX queues (Desnes Augusto Nunes do Rosario) [1529748]\n- [netdrv] ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (Desnes Augusto Nunes do Rosario) [1529748]\n- [net] cls_u32: fix use after free in u32_destroy_key() (Paolo Abeni) [1540821]\n- [net] properly release sk_frag.page (Lorenzo Bianconi) [1535775]\n- [net] netlink: Add netns check on taps (William Townsend) [1538738] {CVE-2017-17449}\n- [net] netfilter: xt_osf: Add missing permission checks (Florian Westphal) [1539230] {CVE-2017-17448}\n- [net] netfilter: nfnetlink_cthelper: Add missing permission checks (Florian Westphal) [1539230] {CVE-2017-17448}\n[3.10.0-849]\n- [tools] perf vendor events powerpc: Remove duplicate events (Mauricio Oliveira) [1521091]\n- [tools] perf vendor events powerpc: Update POWER9 events (Mauricio Oliveira) [1521091]\n- [thermal] doc change updates expected cur_state behavior (Brad Peters) [1211434]\n- [hid] Add PCI ID for Cannon Lake and Coffee Lake (Brad Peters) [1530141]\n- [edac] sb_edac: Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode (Aristeu Rozanski) [1536995]\n- [fs] sysfs: Use only return value from is_visible for the file mode (Jeff Moyer) [1533361]\n- [fs] nfsd: auth: Fix gid sorting when rootsquash enabled (Thiago Becker) [1516978]\n- [block] silently forbid sending any ioctl to a partition (Paolo Bonzini) [1438809]\n- [mm] fix collision between DAX PMD and PTEs (Jeff Moyer) [1528957]\n- [mm] always enable thp for dax mappings 
(Jeff Moyer) [1472025]\n- [mm] improve readability of transparent_hugepage_enabled() (Jeff Moyer) [1472025]\n- [acpi] acpi, nfit: validate commands against the device type (Al Stone) [1471819]\n- [acpi] acpi, nfit: add support for the _LSI, _LSR, and _LSW label methods (Al Stone) [1471819]\n[3.10.0-848]\n- [kernel] lockdep: Increase MAX_STACK_TRACE_ENTRIES for debug kernel (Waiman Long) [1532959]\n- [kernel] make groups_sort calling a responsibility group_info allocators (Thiago Becker) [1516978]\n- [kernel] watchdog: Prevent false positives with turbo modes (Jiri Olsa) [1493859]\n- [netdrv] xen-netfront: enable device after manual module load (Eduardo Otubo) [1472220]\n- [netdrv] ibmvnic: Fix IPv6 packet descriptors (Gustavo Duarte) [1536746]\n- [netdrv] ibmvnic: Fix IP offload control buffer (Gustavo Duarte) [1536746]\n- [netdrv] bnxt_en: Dont print Link speed -1 no longer supported messages (Jonathan Toppins) [1522743]\n- [netdrv] bnxt_en: Uninitialized variable in bnxt_tc_parse_actions() (Jonathan Toppins) [1522743]\n- [netdrv] bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown (Jonathan Toppins) [1522743]\n- [netdrv] bnxt_en: wildcard smac while creating tunnel decap filter (Jonathan Toppins) [1522743]\n- [netdrv] bnxt_en: fix dst/src fid for vxlan encap/decap actions (Jonathan Toppins) [1522743]\n- [netdrv] bnxt_en: Fix a variable scoping in bnxt_hwrm_do_send_msg() (Jonathan Toppins) [1522743]\n- [netdrv] bnxt_en: Add ETH_RESET_AP support (Jonathan Toppins) [1522743]\n- [netdrv] net: ethtool: add support for reset of AP inside NIC interface (Jonathan Toppins) [1522743]\n- [netdrv] bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()' (Jonathan Toppins) [1522743]\n- [powerpc] kvm: book3s: Provide information about hardware/firmware CVE workarounds (Serhii Popovych) [1532077] {CVE-2017-5754}\n- [powerpc] powernv/pci: Enable 64-bit devices to access >4GB DMA space (Mauricio Oliveira) [1506259]\n- [powerpc] powernv/pci: Add helper to 
check if a PE has a single vendor (Mauricio Oliveira) [1506259]\n- [x86] kvm: svm: Fix up enable_smi_window due to out-of-order backport (Suravee Suthikulpanit) [1135003]\n- [x86] kvm: svm: Enable Virtual GIF feature (Suravee Suthikulpanit) [1135003]\n- [x86] kvm: svm: Add Virtual GIF feature definition (Suravee Suthikulpanit) [1135003]\n- [x86] cpufeature,kvm/svm: Rename (shorten) the new virtualized VMSAVE/VMLOAD CPUID flag (Suravee Suthikulpanit) [1135003]\n- [x86] kvm: svm: Enable Virtual VMLOAD VMSAVE feature (Suravee Suthikulpanit) [1135003]\n- [x86] kvm: svm: Add Virtual VMLOAD VMSAVE feature definition (Suravee Suthikulpanit) [1135003]\n- [x86] kvm: svm: Rename lbr_ctl field in the vmcb control area (Suravee Suthikulpanit) [1135003]\n- [x86] kvm: svm: Prepare for new bit definition in lbr_ctl (Suravee Suthikulpanit) [1135003]\n- [x86] fpu: Use early_param() for clearcpuid (Scott Wood) [1539423]\n[3.10.0-847]\n- [dma-buf] fix reservation_object_wait_timeout_rcu once more v2 (Lyude Paul) [1535631]\n- [fs] nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat (Dave Wysochanski) [1539866]\n- [fs] xfs: validate sb_logsunit is a multiple of the fs blocksize (Bill O Donnell) [1538495]\n- [fs] nfsv4: always set NFS_LOCK_LOST when a lock is lost (Steve Dickson) [1540324]\n- [scsi] qla2xxx: Update driver version (Himanshu Madhani) [1524717]\n- [scsi] qla2xxx: Fix memory corruption during hba reset test (Himanshu Madhani) [1524717]\n- [scsi] qla2xxx: Fix logo flag for qlt_free_session_done() (Himanshu Madhani) [1524717]\n- [scsi] qla2xxx: Reset the logo flag, after target re-login (Himanshu Madhani) [1524717]\n- [block] dm: fix incomplete request_queue initialization (Mike Snitzer) [1517771]\n- [block] allow gendisks request_queue registration to be deferred (Mike Snitzer) [1517771]\n- [block] Protect less code with sysfs_lock in blk_(un,) register_queue() (Mike Snitzer) [1517771]\n- [block] properly protect the 'queue' kobj in blk_unregister_queue (Mike 
Snitzer) [1517771]\n[3.10.0-846]\n- [infiniband] iser-target: avoid reinitializing rdma contexts for isert commands (Don Dutile) [1540434]\n- [netdrv] nfp: implement ethtool FEC mode settings (John Linville) [1519199]\n- [netdrv] nfp: add helpers for FEC support (John Linville) [1519199]\n- [netdrv] nfp: add get/set link settings ndos to representors (John Linville) [1519199]\n- [netdrv] nfp: resync repr state when port table sync (John Linville) [1519199]\n- [netdrv] nfp: refactor nfp_app_reprs_set (John Linville) [1519199]\n- [netdrv] nfp: dont depend on compiler constant propagation (John Linville) [1519199]\n- [netdrv] vmxnet3: repair memory leak (Neil Horman) [1525354]\n- [cpufreq] governor: Serialize governor callbacks (David Arcari) [1538572]\n- [cpufreq] governor: split cpufreq_governor_dbs() (David Arcari) [1538572]\n- [cpufreq] governor: register notifier from cs_init() (David Arcari) [1538572]\n- [cpufreq] intel_pstate: Remove use of get_target_pstate_use_cpu_load(() (Prarit Bhargava) [1537502]\n- [cpufreq] revert intel_pstate: Use load-based P-state selection more widely (Prarit Bhargava) [1537502]\n- [cpufreq] Fix intel_pstate driver (Prarit Bhargava) [1537502]\n- [x86] fpu: Fix get_xsave_addr() behavior under virtualization ('Dr. 
David Alan Gilbert') [1534309]\n- [x86] kvm: fix usage of uninit spinlock in avic_vm_destroy() (Wei Huang) [1537402]\n- [x86] KVM: Fix CPUID function for word 6 (80000001_ECX) (Wei Huang) [1533358]\n- [kernel] print kdump kernel loaded status in stack dump (Lianbo Jiang) [1535754]\n- [kernel] kexec: add a kexec_crash_loaded() function (Lianbo Jiang) [1535754]\n[3.10.0-845]\n- [watchdog] hpwdt: remove indirect call in watchdog/hpwdt.c (Josh Poimboeuf) [1535644]\n- [kernel] x86/spec_ctrl: cleanup __ptrace_may_access (Josh Poimboeuf) [1535644]\n- [x86] bugs: Drop one 'mitigation' from dmesg (Josh Poimboeuf) [1535644]\n- [x86] kvm: vmx: Make indirect call speculation safe (Josh Poimboeuf) [1535644]\n- [x86] kvm: x86: Make indirect calls in emulator speculation safe (Josh Poimboeuf) [1535644]\n- [x86] retpoline: Optimize inline assembler for vmexit_fill_RSB (Josh Poimboeuf) [1535644]\n- [x86] mce: Make machine check speculation protected (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: fix ptrace IBPB optimization (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Josh Poimboeuf) [1535644]\n- [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Josh Poimboeuf) [1535644]\n- [x86] unwind: fix livepatch regression with CALL_NOSPEC macro (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: Document retpolines and ibrs_enabled=3 (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: upgrade GCC retpoline warning to an error (Josh Poimboeuf) [1535644]\n- [x86] Use IBRS for firmware update path (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: enforce sane combinations of IBRS and retpoline (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: use upstream RSB stuffing function (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Josh Poimboeuf) [1535644]\n- [kernel] x86/jump_label: warn on failed jump label patch 
(Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: detect unretpolined modules (Josh Poimboeuf) [1535644]\n- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Josh Poimboeuf) [1535644]\n- [x86] retpoline: Fill return stack buffer on vmexit (Josh Poimboeuf) [1535644]\n- [x86] retpoline/xen: Convert Xen hypercall indirect jumps (Josh Poimboeuf) [1535644]\n- [x86] retpoline/hyperv: Convert assembler indirect jumps (Josh Poimboeuf) [1535644]\n- [x86] retpoline/ftrace: Convert ftrace assembler indirect jumps (Josh Poimboeuf) [1535644]\n- [x86] retpoline/entry: Convert entry assembler indirect jumps (Josh Poimboeuf) [1535644]\n- [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Josh Poimboeuf) [1535644]\n- [x86] retpoline: Add initial retpoline support (Josh Poimboeuf) [1535644]\n- [x86] jump_label: add asm support for static keys (Josh Poimboeuf) [1535644]\n- [x86] asm: Make asm/alternative.h safe from assembly (Josh Poimboeuf) [1535644]\n- [tools] objtool: Support new GCC 6 switch jump table pattern (Josh Poimboeuf) [1535644]\n- [tools] objtool: Detect jumps to retpoline thunks (Josh Poimboeuf) [1535644]\n- [x86] spectre: Add boot time option to select Spectre v2 mitigation (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: print features changed by microcode loading (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: refactor the init and microcode loading paths (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: remove ibrs_enabled variable (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: add ibp_disabled variable (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: remove performance measurements from documentation (Josh Poimboeuf) 
[1535644]\n- [x86] spec_ctrl: make ipbp_enabled read-only (Josh Poimboeuf) [1535644]\n- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Josh Poimboeuf) [1535644]\n- [x86] cpu: Implement CPU vulnerabilites sysfs functions (Josh Poimboeuf) [1535644]\n- [base] sysfs/cpu: Add vulnerability folder (Josh Poimboeuf) [1535644]\n- [x86] cpu: Merge bugs.c and bugs_64.c (Josh Poimboeuf) [1535644]\n[3.10.0-844]\n- [tools] perf record: Fix wrong size in perf_record_mmap for last kernel module (Jiri Olsa) [1509073]\n- [testmgr] disable ECDH and DH in FIPS mode (Bruno Eduardo de Oliveira Meneguele) [1523357]\n- [kernel] cpumask: Fix cpumask leak in partition_sched_domains() (Joe Lawrence) [1534918]\n- [kernel] pm / hibernate: Restore processor state before using per-CPU variables (Prarit Bhargava) [1418896]\n- [x86] power/64: Fix hibernation return address corruption (Prarit Bhargava) [1418896]\n- [x86] pti/mm: Fix trampoline stack problem with XEN PV (Andrea Arcangeli) [1533542]\n- [x86] mm: Rework wbinvd, hlt operation in stop_this_cpu() (Suravee Suthikulpanit) [1522676]\n- [mm] swap: zswap: maybe_preload & refactoring (Jerome Marchand) [1532517]\n- [mm] ksm: add cond_resched() to the rmap_walks (Rafael Aquini) [1519517]\n- [mm] mprotect: add a cond_resched() inside change_pmd_range() (Rafael Aquini) [1519517]\n- [infiniband] rdma/bnxt_re: Fix the RoCE firmware version reported (Selvin Xavier) [1538406]\n- [netdrv] cxgb4: fix possible deadlock (Arjun Vynipadath) [1439204]\n- [netdrv] hv_netvsc: Fix the receive buffer size limit (Vitaly Kuznetsov) [1532169]\n- [netdrv] nfp: flower: vxlan: ensure no sleep in atomic context (John Linville) [1537927]\n- [netdrv] nfp: flower: prioritize stats updates (John Linville) [1537141]\n- [net] Fix double free and memory corruption in get_net_ns_by_id() (Aristeu Rozanski) [1531551] {CVE-2017-15129}\n[3.10.0-843]\n- [media] xc2028: avoid use after free (Torez Smith) [1402893] {CVE-2016-7913}\n- [kernel] module: avoid ifdefs for sig_enforce 
declaration (Bruno Eduardo de Oliveira Meneguele) [1531454]\n- [fs] sysfs: Do not warn about missing kernfs_node if kobj is not active (Vivek Goyal) [1534568]\n- [md] not clear ->safemode for external metadata array (Xiao Ni) [1526283]\n- [md] always clear ->safemode when md_check_recovery gets the mddev lock (Xiao Ni) [1526283]\n- [block] blk-mq: dont allow write on attributes of .seq_ops (Ming Lei) [1535949]\n- [scsi] lpfc: Fix SCSI io host reset causing kernel crash (Dick Kennedy) [1530120]\n- [scsi] lpfc: FLOGI failures are reported when connected to a private loop (Dick Kennedy) [1532307]\n- [scsi] qla2xxx: Fix NULL pointer crash due to probe failure (Himanshu Madhani) [1525810]\n- [scsi] core: check for device state in __scsi_remove_target() (Ewan Milne) [1537459]\n- [scsi] fixup kernel warning during rmmod() (Ewan Milne) [1537459]\n- [nvme] rdma: fix concurrent reset and reconnect (David Milburn) [1517602]\n- [nvdimm] btt: fix uninitialized err_lock (Jeff Moyer) [1524775]\n- [tools] testing/nvdimm: fix nfit_test buffer overflow (Jeff Moyer) [1375501]\n- [tools] testing/nvdimm: fix nfit_test shutdown crash (Jeff Moyer) [1375501]\n- [tools] testing/nvdimm: make iset cookie predictable (Jeff Moyer) [1375501]\n- [tools] testing/nvdimm: support for sub-dividing a pmem region (Jeff Moyer) [1375501]\n- [tools] testing/nvdimm: fix allocation range for mock flush hint tables (Jeff Moyer) [1375501]\n[3.10.0-842]\n- [crypto] aesni: add wrapper for generic gcm(aes) (Sabrina Dubroca) [1525527]\n- [crypto] aesni: fix typo in generic_gcmaes_decrypt (Sabrina Dubroca) [1525527]\n- [infiniband] iser-target: Fix possible use-after-free in connection establishment error (Don Dutile) [1519131]\n- [netdrv] hv_netvsc: Change GPADL teardown order according to Hyper-V version (Mohammed Gamal) [1529436]\n- [netdrv] hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() (Mohammed Gamal) [1529436]\n- [netdrv] cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages 
(Arjun Vynipadath) [1538425]\n- [netdrv] bnxt_en: export a common switchdev PARENT_ID for all reps of an adapter (Jonathan Toppins) [1536308]\n- [netdrv] ibmvnic: Allocate and request vpd in init_resources (Gustavo Duarte) [1537433]\n- [netdrv] ibmvnic: Revert to previous mtu when unsupported value requested (Gustavo Duarte) [1537433]\n- [netdrv] ibmvnic: Modify buffer size and number of queues on failover (Gustavo Duarte) [1537433]\n- [netdrv] revert mlx5: Expose command polling interface (Don Dutile) [1533670]\n- [netdrv] revert mlx5: Add fast unload support in shutdown flow (Don Dutile) [1533670]\n- [net] ipv4: fib: Fix metrics match when deleting a route (Phil Sutter) [1526442]\n- [net] sched: fix use-after-free in tcf_block_put_ext (Ivan Vecera) [1533034]\n- [net] sched: get rid of rcu_barrier() in tcf_block_put_ext() (Ivan Vecera) [1533034]\n- [net] use for_each_netdev_safe() in rtnl_group_changelink() (Lorenzo Bianconi) [1523618]\n- [net] openvswitch: Fix pop_vlan action for double tagged frames (Eric Garver) [1522739]\n- [net] openvswitch: fix list corruption on force commit (Eric Garver) [1531680]\n- [net] tcp: Split BUG_ON() in tcp_tso_should_defer() into two assertions (Stefano Brivio) [1532373]\n- [net] ethtool: add support for forward error correction modes (Ivan Vecera) [1530634]\n- [net] vxlan: restore dev->mtu setting based on lower device (Stefano Brivio) [1520310]\n- [net] xfrm: add UDP encapsulation port in migrate message (Bruno Eduardo de Oliveira Meneguele) [1460790]\n- [net] xfrm: extend MIGRATE with UDP encapsulation port (Bruno Eduardo de Oliveira Meneguele) [1460790]\n- [net] xfrm: fix state migration copy replay sequence numbers (Bruno Eduardo de Oliveira Meneguele) [1460790]\n- [net] xfrm: Cleanup error handling of xfrm_state_clone (Bruno Eduardo de Oliveira Meneguele) [1460790]\n- [net] xfrm: checkpatch errors with foo * bar (Bruno Eduardo de Oliveira Meneguele) [1460790]\n[3.10.0-841]\n- [gpu] drm/vmwgfx: fix memory corruption with 
legacy/sou connectors (Rob Clark) [1525872]\n- [gpu] drm/nouveau/disp/gf119: add missing drive vfunc ptr (Rob Clark) [1532388]\n- [gpu] drm/i915: Apply Display WA #1183 on skl, kbl, and cfl (Rob Clark) [1532388]\n- [gpu] drm/i915: Disable DC states around GMBUS on GLK (Rob Clark) [1532388]\n- [gpu] drm/i915/skl+: debugfs entry to control IPC (Rob Clark) [1532388]\n- [gpu] drm/i915/bxt+: Enable IPC support (Rob Clark) [1532388]\n- [gpu] drm/i915/gen9+: Add has_ipc flag in device info structure (Rob Clark) [1532388]\n- [gpu] drm/i915/gen10: Calculate and enable transition WM (Rob Clark) [1532388]\n- [gpu] drm/i915/skl+: Optimize WM calculation (Rob Clark) [1532388]\n- [gpu] drm/i915: Fixed point fixed16 wrapper cleanup (Rob Clark) [1532388]\n- [gpu] drm/i915: Flush pending GTT writes before unbinding (Rob Clark) [1532388]\n- [gpu] drm: Add retries for lspcon mode detection (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: bypass lru touch for KIQ ring submission (Rob Clark) [1532388]\n- [gpu] drm/i915: Fix vblank timestamp/frame counter jumps on gen2 (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: Use unsigned ring indices in amdgpu_queue_mgr_map (Rob Clark) [1532388]\n- [gpu] drm/i915: Prevent zero length 'index' write (Rob Clark) [1532388]\n- [gpu] drm/i915: Dont try indexed reads to alternate slave addresses (Rob Clark) [1532388]\n- [gpu] drm/i915/gvt: Correct ADDR_4K/2M/1G_MASK definition (Rob Clark) [1532388]\n- [gpu] drm/i915/fbdev: Serialise early hotplug events with async fbdev config (Rob Clark) [1532388]\n- [gpu] drm/i915: Re-register PMIC bus access notifier on runtime resume (Rob Clark) [1532388]\n- [gpu] drm/i915: Fix false-positive assert_rpm_wakelock_held in i915_pmic_bus_access_notifier v2 (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: Set adev->vcn.irq.num_types for VCN (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: move UVD/VCE and VCN structure out from union (Rob Clark) [1532388]\n- [gpu] drm/edid: Dont send non-zero YQ in AVI infoframe for HDMI 1.x sinks (Rob Clark) 
[1532388]\n- [gpu] drm/fb_helper: Disable all crtcs when initial setup fails (Rob Clark) [1532388]\n- [gpu] drm/amd/pp: fix typecast error in powerplay (Rob Clark) [1532388]\n- [gpu] drm/ttm: once more fix ttm_buffer_object_transfer (Rob Clark) [1532388]\n- [gpu] drm/radeon: fix atombios on big endian (Rob Clark) [1532388]\n- [gpu] drm/vblank: Tune drm_crtc_accurate_vblank_count() WARN down to a debug (Rob Clark) [1532388]\n- [gpu] drm/vblank: Fix flip event vblank count (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: Remove check which is not valid for certain VBIOS (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: Properly allocate VM invalidate eng v2 (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: fix error handling in amdgpu_bo_do_create (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: correct reference clock value on vega10 (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: Potential uninitialized variable in amdgpu_vm_update_directories() (Rob Clark) [1532388]\n- [gpu] drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs() (Rob Clark) [1532388]\n- [gpu] revert 'drm/radeon: dont switch vt on suspend' (Rob Clark) [1532388]\n- [x86] gpu: add CFL to early quirks (Rob Clark) [1532388]\n- [x86] gpu: CNL uses the same GMS values as SKL (Rob Clark) [1532388]\n- [x86] gpu: GLK uses the same GMS values as SKL (Rob Clark) [1532388]\n[3.10.0-840]\n- [i2c] designware: Find bus speed from ACPI (Gopal Tiwari) [1456705]\n- [i2c] core: Add function for finding the bus speed from ACPI, take 2 (Gopal Tiwari) [1456705]\n- [i2c] core: Cleanup I2C ACPI namespace, take 2 (Gopal Tiwari) [1456705]\n- [i2c] designware: Enable high speed mode (Gopal Tiwari) [1456705]\n- [i2c] designware: set the common config before the if else (Gopal Tiwari) [1456705]\n- [i2c] designware: Enable fast mode plus (Gopal Tiwari) [1456705]\n- [i2c] designware: get fast plus and high speed *CNT configuration (Gopal Tiwari) [1456705]\n- [i2c] designware: Move clk_freq into struct dw_i2c_dev (Gopal Tiwari) [1456705]\n- 
[i2c] i2c / acpi: add support for ACPI reconfigure notifications (Gopal Tiwari) [1456705]\n- [acpi] add support for ACPI reconfiguration notifiers (Gopal Tiwari) [1456705]\n- [acpi] scan: fix enumeration (visited) flags for bus rescans (Gopal Tiwari) [1456705]\n- [i2c] use pr_fmt in the core (Gopal Tiwari) [1456705]\n- [i2c] print more info when acpi_i2c_space_handler() fails (Gopal Tiwari) [1456705]\n- [i2c] add error message when obtaining idr fails (Gopal Tiwari) [1456705]\n- [i2c] improve error messages in i2c_register_adapter() (Gopal Tiwari) [1456705]\n- [i2c] cleanup i2c_register_adapter() by refactoring recovery init (Gopal Tiwari) [1456705]\n- [i2c] free idr when sanity checks in i2c_register_adapter() fail (Gopal Tiwari) [1456705]\n- [i2c] designware-pci: Make bus number allocation robust (Gopal Tiwari) [1456705]\n- [i2c] only check scl functions when using generic recovery (Gopal Tiwari) [1456705]\n- [i2c] let I2C masters ignore their children for PM (Gopal Tiwari) [1456705]\n- [i2c] core: use new 8 bit address helper function (Gopal Tiwari) [1456705]\n- [kernel] i2c: introduce helper function to get 8 bit address from a message (Gopal Tiwari) [1456705]\n- [i2c] immediately mark ourselves as registered (Gopal Tiwari) [1456705]\n- [i2c] do not use internal data from driver core (Gopal Tiwari) [1456705]\n- [i2c] Add generic support passing secondary devices addresses (Gopal Tiwari) [1456705]\n- [i2c] always enable RuntimePM for the adapter device (Gopal Tiwari) [1456705]\n- [i2c] i2c / acpi: Rework I2C device scanning (Gopal Tiwari) [1456705]\n- [i2c] core: Add support for best effort block read emulation (Gopal Tiwari) [1456705]\n- [i2c] doc: dt: describe generic bindings (Gopal Tiwari) [1456705]\n- [i2c] slave: print warning if slave flag not set (Gopal Tiwari) [1456705]\n- [i2c] support 10 bit and slave (Gopal Tiwari) [1456705]\n- [i2c] core: add and export of_get_i2c_adapter_by_node() interface (Gopal Tiwari) [1456705]\n- [i2c] core: manage i2c bus 
device refcount in i2c_get/put_adapter (Gopal Tiwari) [1456705]\n- [i2c] fix leaked device refcount on of_find_i2c_* error path (Gopal Tiwari) [1456705]\n- [i2c] take address space into account when checking for used addresses (Gopal Tiwari) [1456705]\n- [i2c] make address check indpendent from client struct (Gopal Tiwari) [1456705]\n- [i2c] rename address check functions (Gopal Tiwari) [1456705]\n- [i2c] core: only use set_scl for bus recovery after calling prepare_recovery (Gopal Tiwari) [1456705]\n- [i2c] core: Reduce stack size of acpi_i2c_space_handler() (Gopal Tiwari) [1456705]\n- [i2c] check for proper length of the reg property (Gopal Tiwari) [1456705]\n- [i2c] core: fix typo in comment (Gopal Tiwari) [1456705]\n- [i2c] apply address offset for slaves, too (Gopal Tiwari) [1456705]\n- [kernel] i2c: add a flag to mark clients as slaves (Gopal Tiwari) [1456705]\n- [i2c] slave: add error messages to slave core (Gopal Tiwari) [1456705]\n- [i2c] Mark adapter devices with pm_runtime_no_callbacks (Gopal Tiwari) [1456705]\n- [i2c] core: Export bus recovery functions (Gopal Tiwari) [1456705]\n- [i2c] change input parameter to i2c_adapter for prepare/unprepare_recovery (Gopal Tiwari) [1456705]\n- [i2c] documentation: i2c: describe the new slave mode (Gopal Tiwari) [1456705]\n- [i2c] clarify comments about the dev_released completion (Gopal Tiwari) [1456705]\n- [i2c] Only include slave support if selected (Gopal Tiwari) [1456705]\n- [i2c] designware: Do not calculate SCL timing parameters needlessly (Gopal Tiwari) [1456705]\n- [i2c] simplify boilerplate code for attribute groups (Gopal Tiwari) [1456705]\n- [i2c] do not try to load modules for of-registered devices (Gopal Tiwari) [1456705]\n- [i2c] acpi: Pick the first address if device has multiple (Gopal Tiwari) [1456705]\n- [i2c] Remove support for legacy PM (Gopal Tiwari) [1456705]\n- [i2c] core changes for slave support (Gopal Tiwari) [1456705]\n- [i2c] acpi: remove unneeded variable initialization (Gopal Tiwari) 
[1456705]\n- [i2c] acpi: Fix NULL Pointer dereference (Gopal Tiwari) [1456705]\n- [i2c] move acpi code back into the core (Gopal Tiwari) [1456705]\n- [i2c] add debug info when class instantiation was dropped (Gopal Tiwari) [1456705]\n- [i2c] acpi: Clean up I2C ACPI code and Add CONFIG_I2C_ACPI config (Gopal Tiwari) [1456705]\n- [i2c] acpi: Add i2c ACPI operation region support (Gopal Tiwari) [1456705]\n- [i2c] Add message transfer tracepoints for SMBUS (ver 2) (Gopal Tiwari) [1456705]\n- [i2c] Add message transfer tracepoints for I2C (Gopal Tiwari) [1456705]\n- [i2c] add deprecation warning for class based instantiation (Gopal Tiwari) [1456705]\n- [i2c] Use stable dev_name for ACPI enumerated I2C slaves (Gopal Tiwari) [1456705]\n- [i2c] attach/detach I2C client device to the ACPI power domain (Gopal Tiwari) [1456705]\n- [acpi] pm: allow child devices to ignore parent power state (Gopal Tiwari) [1456705]\n- [i2c] Not all adapters have a parent (Gopal Tiwari) [1456705]\n- [i2c] Remove redundant 'driver' field from the i2c_client struct (Gopal Tiwari) [1456705]\n- [media] core: Dont use i2c_client->driver (Gopal Tiwari) [1456705]\n- [acpi] pm: Make messages in acpi_device_set_power() print device names (Gopal Tiwari) [1456705]", "edition": 71, "modified": "2018-04-16T00:00:00", "published": "2018-04-16T00:00:00", "id": "ELSA-2018-1062", "href": "http://linux.oracle.com/errata/ELSA-2018-1062.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-5753", "CVE-2016-8650", "CVE-2017-5754", "CVE-2017-7895", "CVE-2016-7910", "CVE-2017-1000111", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-9074", "CVE-2017-6001", "CVE-2017-18203", "CVE-2017-2636", "CVE-2017-2671", "CVE-2017-14106", "CVE-2017-9075", "CVE-2017-8824", "CVE-2017-13166", "CVE-2018-1130", "CVE-2017-1000251", 
"CVE-2017-1000253", "CVE-2017-1000112", "CVE-2017-5715", "CVE-2015-8830", "CVE-2012-6701", "CVE-2017-6214", "CVE-2017-1000364", "CVE-2017-7541", "CVE-2017-1000410", "CVE-2017-7308", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-15121", "CVE-2017-18017", "CVE-2018-5803", "CVE-2017-8890", "CVE-2017-12190", "CVE-2018-3639"], "description": "[2.6.32-754.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-754]\n- [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639}\n- [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360]\n- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566899] {CVE-2018-3639}\n- [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if requested (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] bugs: Read 
SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899] {CVE-2018-3639}\n- [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman Long) [1560494]\n- [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351]\n- [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list (Robert S Peterson) [1569148]\n- [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano Brivio) [1576586] {CVE-2018-1130}\n- [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped (Stefano Brivio) [1576586] {CVE-2018-1130}\n[2.6.32-753]\n- [x86] vm86-32: Properly set up vm86-32 stack for task switching (Waiman Long) [1572865]\n- [x86] spec_ctrl: Enable IBRS and RSB stuffing in 32-bit interrupts (Waiman Long) [1571362]\n- [x86] entry/32: Fix regressions in 32-bit debug exception (Waiman Long) [1571362]\n[2.6.32-752]\n- [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1572487]\n- [fs] fix WARNING in 
rmdir() (Miklos Szeredi) [1282117]\n- [net] sctp: label accepted/peeled off sockets (Marcelo Leitner) [1571357]\n- [net] security: export security_sk_clone (Marcelo Leitner) [1571357]\n[2.6.32-751]\n- [md] dm thin: fix regression that caused discards to be disabled if passdown was (Mike Snitzer) [1569377]\n- [s390] configs: enable auto expoline support (Hendrik Brueckner) [1554959]\n- [s390] correct nospec auto detection init order (Hendrik Brueckner) [1554959]\n- [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1554959]\n- [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1554959]\n- [s390] add automatic detection of the spectre defense (Hendrik Brueckner) [1554959]\n- [s390] move nobp parameter functions to nospec-branch.c (Hendrik Brueckner) [1554959]\n- [s390] do not bypass BPENTER for interrupt system calls (Hendrik Brueckner) [1554959]\n- [s390] Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1554959]\n- [s390] introduce execute-trampolines for branches (Hendrik Brueckner) [1554959]\n- [s390] run user space and KVM guests with modified branch prediction (Hendrik Brueckner) [1554959]\n- [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1554959]\n- [s390] scrub registers on kernel entry and KVM exit (Hendrik Brueckner) [1554959]\n- [s390] align and prepare spectre mitigation for upstream commits (Hendrik Brueckner) [1554959]\n- [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1568241]\n- [net] sctp: verify size of a new chunk in _sctp_make_chunk() (Stefano Brivio) [1551908] {CVE-2018-5803}\n[2.6.32-750]\n- [fs] fuse: fix punching hole with unaligned end (Miklos Szeredi) [1387473] {CVE-2017-15121}\n- [documentation] kdump: fix documentation about panic_on_warn to match r (Pingfan Liu) [1555196]\n- [fs] Provide sane values for nlink (Leif Sahlberg) [1554342]\n[2.6.32-749]\n- [powerpc] pseries: Restore default security feature flags on setup 
(Mauricio Oliveira) [1561788]\n- [powerpc] Move default security feature flags (Mauricio Oliveira) [1561788]\n- [powerpc] pseries: Fix clearing of security feature flags (Mauricio Oliveira) [1561788]\n- [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira) [1561788]\n- [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1561788]\n- [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush() (Mauricio Oliveira) [1561788]\n- [powerpc] 64s: Enhance the information in cpu_show_meltdown() (Mauricio Oliveira) [1561788]\n- [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1561788]\n- [powerpc] pseries: Set or clear security feature flags (Mauricio Oliveira) [1561788]\n- [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio Oliveira) [1561788]\n- [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio Oliveira) [1561788]\n- [lib] seq: Add seq_buf_printf() (Mauricio Oliveira) [1561788]\n- [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration (Mauricio Oliveira) [1561786]\n- [powerpc] rfi-flush: Differentiate enabled and patched flush types (Mauricio Oliveira) [1561786]\n- [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio Oliveira) [1561786]\n- [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again (Mauricio Oliveira) [1561786]\n- [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs code (Mauricio Oliveira) [1561786]\n- [x86] pti/32: Dont use trampoline stack on Xen PV (Waiman Long) [1562725]\n- [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1562725]\n- [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1562725]\n- [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1562725]\n- [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1562725]\n- [x86] entry: Remove extra argument in call instruction (Waiman Long) [1562552]\n- [x86] syscall: Fix ia32_ptregs 
handling bug in 64-bit kernel (Waiman Long) [1557562 1562552]\n- [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1558845]\n- [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1558845]\n- [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1558845]\n- [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1558845]\n- [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1558845]\n[2.6.32-748]\n- [mm] fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE (Bhupesh Sharma) [1494380]\n- [mm] brk: fix min_brk lower bound computation for COMPAT_BRK (Bhupesh Sharma) [1494380]\n- [mm] split ET_DYN ASLR from mmap ASLR (Bhupesh Sharma) [1494380]\n- [s390] redefine randomize_et_dyn for ELF_ET_DYN_BASE (Bhupesh Sharma) [1494380]\n- [mm] expose arch_mmap_rnd when available (Bhupesh Sharma) [1494380]\n- [s390] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]\n- [s390] mmap: randomize mmap base for bottom up direction (Bhupesh Sharma) [1494380]\n- [powerpc] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]\n- [x86] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]\n- [fs] binfmt_elf: create Kconfig variable for PIE randomization (Bhupesh Sharma) [1494380]\n- [fs] binfmt_elf: PIE: make PF_RANDOMIZE check comment more accurate (Bhupesh Sharma) [1494380]\n- [fs] binfmt_elf: fix PIE execution with randomization disabled (Bhupesh Sharma) [1494380]\n- [acpi] acpica: Support calling _REG methods within ACPI interpreter (Lenny Szubowicz) [1522849]\n- [acpi] acpica: Function to test if ACPI interpreter already entered (Lenny Szubowicz) [1522849]\n- [acpi] acpica: Function to test if ACPI mutex held by this thread (Lenny Szubowicz) [1522849]\n[2.6.32-747]\n- [fs] gfs2: Check for the end of metadata in trunc_dealloc (Robert S Peterson) [1559928]\n- [fs] gfs2: clear journal live bit in gfs2_log_flush (Robert S Peterson) [1559928]\n- [netdrv] vmxnet3: fix tx 
data ring copy for variable size (Neil Horman) [1530378]\n- [mm] account skipped entries to avoid looping in find_get_pages (Dave Wysochanski) [1559386]\n- [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1554631]\n- [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1554631]\n- [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio Oliveira) [1554630]\n- [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio Oliveira) [1554630]\n- [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1554630]\n[2.6.32-746]\n- [dm] fix race between dm_get_from_kobject() and __dm_destroy() (Mike Snitzer) [1551999] {CVE-2017-18203}\n- [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1557562]\n- [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1550599] {CVE-2017-5754}\n- [ipmi] pick up slave address from SMBIOS on an ACPI device (Tony Camuso) [1484525]\n- [ipmi] fix watchdog timeout set on reboot (Tony Camuso) [1484525]\n- [ipmi] fix watchdog hang on panic waiting for ipmi response (Tony Camuso) [1484525]\n- [ipmi] use smi_num for init_name (Tony Camuso) [1484525]\n- [ipmi] move platform device creation earlier in the initialization (Tony Camuso) [1484525]\n- [ipmi] clean up printks (Tony Camuso) [1484525]\n- [ipmi] cleanup error return (Tony Camuso) [1484525]\n- [md] raid0: apply base queue limits *before* disk_stack_limits (Xiao Ni) [1417294]\n- [md] raid0: update queue parameter in a safer location (Xiao Ni) [1417294]\n- [md] raid0: conditional mddev->queue access to suit dm-raid (Xiao Ni) [1417294]\n- [md] raid0: access mddev->queue (request queue member) conditionally because it is not set when accessed from dm-raid (Xiao Ni) 
[1417294]\n[2.6.32-745]\n- [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1550599] {CVE-2017-5754}\n- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548432] {CVE-2017-13166}\n- [scsi] lpfc: Fix crash from memory alloc at interrupt level with GFP_KERNEL set (Dick Kennedy) [1540706]\n[2.6.32-744]\n- [dm] io: fix duplicate bio completion due to missing ref count (Mikulas Patocka) [1334224]\n- [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson) [1399822]\n- [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1399822]\n- [fs] gfs2: Switch tr_touched to flag in transaction (Robert S Peterson) [1399822]\n[2.6.32-743]\n- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548432] {CVE-2017-13166}\n- [kernel] cgroup: initialize xattr before calling d_instantiate() (Aristeu Rozanski) [1533523]\n- [fs] ext*: Dont clear SGID when inheriting ACLs (Andreas Grunbacher) [1473482]\n- [fs] gfs2: writeout truncated pages (Robert S Peterson) [1331076]\n- [fs] export __block_write_full_page (Robert S Peterson) [1331076]\n- [scsi] mark queue as PREEMPT_ONLY before setting quiesce (Ming Lei) [1462959]\n- [block] call blk_queue_enter() before allocating request (Ming Lei) [1462959]\n- [block] introduce blk_queue_enter() (Ming Lei) [1462959]\n- [mm] shmem: replace_page must flush_dcache and others (Waiman Long) [1412337]\n- [mm] shmem: replace page if mapping excludes its zone (Waiman Long) [1412337]\n- [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman 
Long) [1550599] {CVE-2017-5754}\n- [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Change INT80 to be an interrupt gate (Waiman 
Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Restore segments before int registers (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Unshare NMI return path (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1550599] {CVE-2017-5754}\n- [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1550599] {CVE-2017-5754}\n[2.6.32-742]\n- [mm] prevent /proc/sys/vm/percpu_pagelist_fraction divide-by-zero (Dave Anderson) [1405879]\n- [fs] proc: Resolve performance issues with multiple /proc/stat reads (Prarit Bhargava) [1544565]\n- [fs] nfs: fix pnfs direct write memory leak (Scott Mayhew) [1536900]\n- [fs] dcache: prevent multiple shrink_dcache_parent() on the same dentry (Miklos Szeredi) [1269288]\n- [fs] fifo: do not restart open() if it already found a 
partner (Miklos Szeredi) [1482983]\n- [audit] reinstate check for failed execve (Denys Vlasenko) [1488822]\n- [perf] x86/intel/uncore: Make PCI and MSR uncore independent (Jiri Olsa) [1427324]\n- [perf] fix perf_event_comm() vs. exec() assumption (Jiri Olsa) [1478980]\n- [lib] prevent BUG in kfree() due to memory exhaustion in __sg_alloc_table() (Larry Woodman) [1454453]\n- [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1212959]\n- [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1212959]\n- [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1212959]\n- [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1212959]\n- [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1212959]\n- [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1495167]\n- [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1495167]\n- [fs] gfs2: Defer deleting inodes under memory pressure (Andreas Grunbacher) [1255872]\n- [fs] gfs2: gfs2_clear_inode, gfs2_delete_inode: Put glocks asynchronously (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Get rid of gfs2_set_nlink (Andreas Grunbacher) [1255872]\n- [fs] add set_nlink() (Andreas Grunbacher) [1255872]\n- [fs] gfs2: gfs2_glock_get: Wait on freeing glocks (Andreas Grunbacher) [1255872]\n- [fs] gfs2: gfs2_create_inode: Keep glock across iput (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Clean up glock work enqueuing (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Protect gl->gl_object by spin lock (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Get rid of flush_delayed_work in gfs2_clear_inode (Andreas Grunbacher) [1255872]\n- [fs] revert 'gfs2: Wait for iopen glock dequeues' (Andreas Grunbacher) [1255872]\n- [fs] gfs2: Fixup to 'Clear gl_object if gfs2_create_inode fails' (Andreas Grunbacher) [1506281]\n- [scsi] dual scan 
thread bug fix (Ewan Milne) [1508512]\n- [scsi] fix our current target reap infrastructure (Ewan Milne) [1508512]\n- [scsi] bnx2fc: Fix check in SCSI completion handler for timed out request (Chad Dupuis) [1538168]\n[2.6.32-741]\n- [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543091] {CVE-2017-18017}\n- [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543091] {CVE-2017-18017}\n- [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543091] {CVE-2017-18017}\n- [net] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (Hangbin Liu) [1470559]\n- [net] sctp: use the right sk after waking up from wait_buf sleep (Hangbin Liu) [1470559]\n- [net] sctp: do not free asoc when it is already dead in sctp_sendmsg (Hangbin Liu) [1470559]\n- [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1535024]\n- [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1535024]\n- [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1535024]\n- [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1535024]\n- [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1532167]\n- [net] revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (Jesper Brouer) [1508504]\n- [scsi] lpfc: fix pci hot plug crash in list_add call (Dick Kennedy) [1542773]\n- [scsi] hpsa: update driver version (Joseph Szczypek) [1541517]\n- [scsi] hpsa: correct resets on retried commands (Joseph Szczypek) [1541517]\n- [scsi] hpsa: rescan later if reset in progress (Joseph Szczypek) [1541517]\n[2.6.32-740]\n- [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1535645]\n- [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1535645]\n- [x86] retpoline: Dont use 
kernel indirect thunks in vsyscalls (Waiman Long) [1535645]\n- [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1535645]\n- [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1535645]\n- [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1535645]\n- [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1535645]\n- [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1535645]\n- [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1535645]\n- [x86] bugs: Drop one 'mitigation' from dmesg (Waiman Long) [1535645]\n- [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1535645]\n- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1535645]\n- [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1535645]\n- [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1535645]\n- [x86] Use IBRS for firmware update path (Waiman Long) [1535645]\n- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1535645]\n- [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1535645]\n- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1535645]\n- [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1535645]\n- [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1535645]\n- [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1535645]\n- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1535645]\n- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1535645]\n- [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1535645]\n- [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1535645]\n- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1535645]\n- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) 
[1535645]\n- [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1535645]\n- [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1535645]\n- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1535645]\n- [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1535645]\n- [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1535645]\n- [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1535645]\n- [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1535645]\n- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1535645]\n- [x86] mce: Make machine check speculation protected (Waiman Long) [1535645]\n- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1535645]\n- [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1535645]\n- [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1535645]\n- [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1535645]\n- [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1535645]\n- [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1535645]\n- [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1535645]\n- [x86] retpoline: Add initial retpoline support (Waiman Long) [1535645]\n- [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1535645]\n- [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1535645]\n- [x86] cpufeatures: Add X86_BUG_SPECTRE_V(12) (Waiman Long) [1535645]\n- [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1535645]\n- [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1535645]\n- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1535645]\n- [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1535645]\n- 
[x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1535645]\n- [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1535645]\n- [x86] alternatives: Add missing 'n' at end of ALTERNATIVE inline asm (Waiman Long) [1535645]\n- [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1535645]\n- [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1535645]\n- [x86] alternatives: Document macros (Waiman Long) [1535645]\n- [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1535645]\n- [x86] alternatives: Add instruction padding (Waiman Long) [1535645]\n- [x86] alternative: Add header guards to asm/alternative-asm.h (Waiman Long) [1535645]\n- [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1535645]\n- [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1535645]\n- [x86] Make .altinstructions bit size neutral (Waiman Long) [1535645]\n[2.6.32-739]\n- [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1538543]\n- [powerpc] prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira) [1538543]\n- [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1538542]\n- [s390] cpuinfo: show facilities as reported by stfle (Hendrik Brueckner) [1538542]\n- [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik Brueckner) [1538542]\n- [s390] add ppa to system call and program check path (Hendrik Brueckner) [1538542]\n- [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1538542]\n- [s390] introduce CPU alternatives (Hendrik Brueckner) [1538542]\n[2.6.32-738]\n- [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/efi: unbreak tboot (Waiman Long) 
[1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Fix XEN PV boot failure (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] Revert 'entry: Use retpoline for syscalls indirect calls' (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: convert userland visible 'kpti' 
name to 'pti' (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel gs has been restored (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] syscall: 
Clear unused extra registers on syscall (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] Revert 'mm/kaiser: Disable global pages by default with KAISER' (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] entry: Use retpoline for syscalls indirect calls (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman 
Long) [1519796] {CVE-2017-5715}\n- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715}\n- [kvm] x86: clear registers on VM exit (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] kvm: Pad RSB on VM transition (Waiman Long) [1519796] {CVE-2017-5715}\n- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] feature: 
Report presence of IBPB and IBRS control (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519796] {CVE-2017-5715}\n- [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Dont switch to trampoline stack in paranoid_exit (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519802] {CVE-2017-5754}\n- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519789] {CVE-2017-5753}\n- [fs] udf: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [fs] prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [netdrv] p54: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [media] uvcvideo: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}\n- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519789] {CVE-2017-5753}\n- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519789] {CVE-2017-5753}\n- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) 
[1519789] {CVE-2017-5753}\n- [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519789] {CVE-2017-5753}\n- [x86] Add another set of MSR accessor functions (Waiman Long) [1519789] {CVE-2017-5753}\n- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] 
mm/kaiser: enable kaiser in build (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow NX poison to be set in 
p4d/pgd (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519802] {CVE-2017-5754}\n- [x86] Separate out entry text section (Waiman Long) [1519802] {CVE-2017-5754}\n- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519802] {CVE-2017-5754}\n- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519802] {CVE-2017-5754}\n- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519802] {CVE-2017-5754}\n[2.6.32-737]\n- [hv] netvsc: get rid of completion timeouts (Vitaly Kuznetsov) [1538592]\n- [fs] gfs2: Special case the rindex in gfs2_write_alloc_required() (Andrew Price) [1384184]\n- [scsi] scsi_dh_alua: fix race condition that causes multipath to hang (Mike Snitzer) [1500192]\n- [virtio] virtio-pci: fix leaks of msix_affinity_masks (Jason 
Wang) [1281754]\n- [fs] sunrpc: avoid warning in gss_key_timeout (J. Bruce Fields) [1456594]\n- [fs] sunrpc: fix RCU handling of gc_ctx field (J. Bruce Fields) [1456594]\n[2.6.32-736]\n- [drm] nouveau/disp/nv50-: execute supervisor on its own workqueue (Ben Skeggs) [1468825]\n- [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519626] {CVE-2017-1000410}\n- [scsi] storvsc: do not assume SG list is continuous when doing bounce buffers (for 4.1 and prior) (Cathy Avery) [1533175]\n[2.6.32-735]\n- [x86] tighten /dev/mem with zeroing reads (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [char] /dev/mem: make size_inside_page() logic straight (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [char] /dev/mem: cleanup unxlate_dev_mem_ptr() calls (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [char] /dev/mem: introduce size_inside_page() (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [char] /dev/mem: remove redundant test on len (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}\n- [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1538340]\n[2.6.32-734]\n- [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1518669]\n- [hv] vss: Operation timeouts should match host expectation (Mohammed Gamal) [1511431]\n- [hv] utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (Mohammed Gamal) [1511431]\n- [hv] utils: Check VSS daemon is listening before a hot backup (Mohammed Gamal) [1511431]\n- [hv] utils: Continue to poll VSS channel after handling requests (Mohammed Gamal) [1511431]\n- [md] dm: clear all discard attributes in queue_limits when discards are disabled (Mike Snitzer) [1433297]\n- [md] dm: discard support requires all targets in a table support discards (Mike Snitzer) [1433297]\n- [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520817] {CVE-2017-8824}\n- [net] tcp: fix tcp_trim_head() (Paolo Abeni) 
[1274139]\n- [net] sctp: fix src address selection if using secondary addresses for ipv6 (Xin Long) [1445919]\n- [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1470559]\n- [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1470559]\n- [net] tcp: fix race during timewait sk creation (Florian Westphal) [1205025]\n[2.6.32-733]\n- [fs] sunrpc: Revert 'sunrpc: always treat the invalid cache as unexpired' (Thiago Becker) [1532786]\n- [net] dma: fix memory leak in dma_pin_iocvec_pages (Sabrina Dubroca) [1459263]\n- [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1520860]\n- [s390] fix transactional execution control register handling (Hendrik Brueckner) [1520862]\n- [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1408108]\n[2.6.32-732]\n- [mm] add cpu_relax() to 'dont return 0 too early' patch (Ian Kent) [988988]\n- [mm] dont return 0 too early from find_get_pages() (Ian Kent) [988988]\n- [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon Maxwell) [1503322]\n- [s390] cpcmd,vmcp: avoid GFP_DMA allocations (Hendrik Brueckner) [1496105]\n- [fs] gfs2: Withdraw for IO errors writing to the journal or statfs (Robert S Peterson) [1505956]\n- [netdrv] ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Ken Cox) [1523856]\n[2.6.32-731]\n- [kernel] fix __wait_on_atomic_t() to call the action func if the counter != 0 (David Howells) [1418631]\n- [fs] fscache: fix dead object requeue (David Howells) [1333592 1418631]\n- [fs] fscache: clear outstanding writes when disabling a cookie (David Howells) [1418631]\n- [fs] fscache: initialise stores_lock in netfs cookie (David Howells) [1418631]\n- [fs] cachefiles: fix attempt to read i_blocks after deleting file (David Howells) [1418631]\n- [fs] cachefiles: fix race between inactivating and culling a cache object (David Howells) [1418631]\n- [fs] fscache: make check_consistency callback 
return int (David Howells) [1418631]\n- [fs] fscache: wake write waiter after invalidating writes (David Howells) [1418631]\n- [fs] cachefiles: provide read-and-reset release counters for cachefilesd (David Howells) [1418631]\n- [s390] disassembler: increase show_code buffer size (Hendrik Brueckner) [1516654]\n- [fs] sunrpc: remove BUG_ONs checking RPC_IS_QUEUED (Dave Wysochanski) [1424630]\n- [fs] nfsv4.1: nfs4_fl_prepare_ds must be careful about reporting success (Scott Mayhew) [1205448]\n- [fs] cifs: add ratelimit for the log entry that causes a lockup (Leif Sahlberg) [1494999]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447168]\n[2.6.32-730]\n- [scsi] avoid a permanent stop of the scsi devices request queue (Ewan Milne) [1513455]\n- [fs] bio: more bio_map_user_iov() leak fixes (Ming Lei) [1503590] {CVE-2017-12190}\n- [fs] bio: fix unbalanced page refcounting in bio_map_user_iov (Ming Lei) [1503590] {CVE-2017-12190}\n[2.6.32-729]\n- [scsi] bnx2fc: Fix hung task messages when a cleanup response is not received during abort (Chad Dupuis) [1504260]\n[2.6.32-728]\n- [mm] introduce dedicated WQ_MEM_RECLAIM workqueue to do lru_add_drain_all (Waiman Long) [1463754]\n- [netdrv] cxgb4: Clear On FLASH config file after a FW upgrade (Arjun Vynipadath) [1446952]\n- [netdrv] chelsio : Fixes the issue seen on initiator while stopping the target (Sai Vemuri) [1442097]\n- [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1437991]\n- [netdrv] cxgb4vf: dont offload Rx checksums for IPv6 fragments (Davide Caratti) [1427036]\n- [scsi] qla2xxx: Get mutex lock before checking optrom_state (Himanshu Madhani) [1408549]\n[2.6.32-727]\n- [net] sctp: do not loose window information if in rwnd_over (Marcelo Leitner) [1492220]\n- [net] sctp: fix recovering from 0 win with small data chunks (Marcelo Leitner) [1492220]\n[2.6.32-726]\n- [s390] qdio: clear DSCI prior to scanning multiple input queues (Hendrik Brueckner) [1467962]\n[2.6.32-725]\n- [s390] 
zfcp: fix erp_action use-before-initialize in REC action trace (Hendrik Brueckner) [1497000]\n- [ipmi] create hardware-independent softdep for ipmi_devintf (Tony Camuso) [1457915]\n[2.6.32-724]\n- [fs] nfsd: reorder nfsd_cache_match to check more powerful discriminators first (Thiago Becker) [1435787]\n- [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago Becker) [1435787]\n- [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker) [1435787]\n- [fs] nfsd: remove the cache_hash list (Thiago Becker) [1435787]\n- [fs] nfsd: convert the lru list into a per-bucket thing (Thiago Becker) [1435787]\n- [fs] nfsd: clean up drc cache in preparation for global spinlock elimination (Thiago Becker) [1435787]\n[2.6.32-723]\n- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly Kuznetsov) [1491846]\n- [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846]\n- [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly Kuznetsov) [1491846]\n- [hv] vmbus: Reduce the delay between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846]\n[2.6.32-722]\n- [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1497152]\n- [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476124] {CVE-2017-11176}\n[2.6.32-721]\n- [char] ipmi: use rcu lock around call to intf->handlers->sender() (Tony Camuso) [1466034]\n- [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481943] {CVE-2017-1000111}\n- [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1484946] {CVE-2017-7308}\n- [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1484946] {CVE-2017-7308}\n- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492961] {CVE-2017-1000253}\n- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492961] {CVE-2017-1000253}\n[2.6.32-720]\n- [net] tcp: initialize rcv_mss to TCP_MIN_MSS 
instead of 0 (Davide Caratti) [1488340] {CVE-2017-14106}\n- [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488340] {CVE-2017-14106}\n- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Matteo Croce) [1477006] {CVE-2017-7542}\n- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo Croce) [1477006] {CVE-2017-7542}\n- [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481529] {CVE-2017-1000112}\n- [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112}\n- [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112}\n[2.6.32-719]\n- [fs] nfs: dont disconnect open-owner on NFS4ERR_BAD_SEQID (Dave Wysochanski) [1459636]\n- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490062] {CVE-2017-1000251}\n[2.6.32-718]\n- [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1477288]\n- [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1477288]\n[2.6.32-717]\n- [video] efifb: allow user to disable write combined mapping (Dave Airlie) [1465097]\n[2.6.32-716]\n- [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1441773]\n- [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474782] {CVE-2017-7541}\n- [scsi] lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [1441169]\n- [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1441169]\n- [scsi] lpfc: Vport creation is failing with 'Link Down' error (Maurizio Lombardi) [1441169]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1441169]\n- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) 
[1441169]\n- [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1441169]\n[2.6.32-715]\n- [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand) [1466530]\n[2.6.32-714]\n- [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode (Robert S Peterson) [1464541]\n- [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S Peterson) [1464541]\n- [fs] gfs2: set gl_object in inode lookup only after block type check (Robert S Peterson) [1464541]\n- [fs] gfs2: introduce helpers for setting and clearing gl_object (Robert S Peterson) [1464541]\n[2.6.32-713]\n- [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n- [net] gre: fix a possible skb leak (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n- [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n- [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n- [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina Dubroca) [1459951] {CVE-2017-9074}\n[2.6.32-712]\n- [mm] backport upstream large stack guard patch to RHEL6 (Larry Woodman) [1464237 1452730] {CVE-2017-1000364}\n- [mm] revert 'enlarge stack guard gap' (Larry Woodman) [1452730] {CVE-2017-1000364}\n- [mm] revert 'allow JVM to implement its own stack guard pages' (Larry Woodman) [1464237]\n[2.6.32-711]\n- [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1459978]\n- [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1452358]\n[2.6.32-710]\n- [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1464237]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452730] {CVE-2017-1000364}\n[2.6.32-709]\n- [netdrv] bnxt_en: Update to firmware interface spec 1.5.1 (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Added support for Secure Firmware Update (Jonathan Toppins) [1439450]\n- [netdrv] 
bnxt_en: Add support for firmware updates for additional processors (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Update firmware spec. to 1.3.0 (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Add support for updating flash more securely (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Request firmware reset after successful firwmare update (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Add hwrm_send_message_silent() (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Add installed-package firmware version reporting via Ethtool GDRVINFO (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Reset embedded processor after applying firmware upgrade (Jonathan Toppins) [1439450]\n- [netdrv] bnxt_en: Add support for upgrading APE/NC-SI firmware via Ethtool FLASHDEV (Jonathan Toppins) [1439450]\n- [net] sctp: do not inherit ipv6_(mc|ac|fl)_list from parent (Florian Westphal) [1455612] {CVE-2017-9075}\n- [net] ipv6/dccp: do not inherit ipv6_mc_list from parent (Florian Westphal) [1455612] {CVE-2017-9076 CVE-2017-9077}\n- [net] dccp/tcp: do not inherit mc_list from parent (Florian Westphal) [1455612] {CVE-2017-8890}\n- [net] ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new socket (Florian Westphal) [1455612]\n[2.6.32-708]\n- [fs] sunrpc: Enable the keepalive option for TCP sockets (Dave Wysochanski) [1458421]\n- [mm] mempolicy.c: fix error handling in set_mempolicy and mbind (Bruno E. O. 
Meneguele) [1443539] {CVE-2017-7616}\n- [s390] zfcp: fix use-after-'free' in FC ingress path after TMF (Hendrik Brueckner) [1421762]\n- [scsi] scsi_transport_srp: Fix a race condition (Don Dutile) [1417305]\n- [scsi] scsi_transport_srp: Introduce srp_wait_for_queuecommand() (Don Dutile) [1417305]\n- [block] make blk_cleanup_queue() wait until request_fn finished (Don Dutile) [1417305]\n[2.6.32-707]\n- [kernel] audit: acquire creds selectively to reduce atomic op overhead (Paul Moore) [1454847]\n- [s390] kernel: initial cr0 bits (Hendrik Brueckner) [1445326]\n- [s390] zfcp: do not trace pure benign residual HBA responses at default level (Hendrik Brueckner) [1421760]\n- [s390] zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1421761]\n[2.6.32-706]\n- [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1442030]\n- [scsi] bnx2fc: fix race condition in bnx2fc_get_host_stats() (Maurizio Lombardi) [1393672]\n[2.6.32-705]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [1446755] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup (J. Bruce Fields) [1446755] {CVE-2017-7895}\n- [perf] fix concurrent sys_perf_event_open() vs move_group race (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [perf] remove confusing comment and move put_ctx() (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [perf] restructure perf syscall point of no return (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [perf] fix move_group() order (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [perf] generalize event->group_flags (Jiri Olsa) [1434751] {CVE-2017-6001}\n- [scsi] libfc: quarantine timed out xids (Chris Leech) [1431440]\n[2.6.32-704]\n- [fs] sunrpc: Ensure that we wait for connections to complete before retrying (Dave Wysochanski) [1448170]\n- [net] ipv6: check raw payload size correctly in ioctl (Jamie Bainbridge) [1441909]\n[2.6.32-703]\n- [fs] nfsv4: fix getacl ERANGE for some ACL buffer sizes (J. 
Bruce Fields) [869942]\n- [fs] nfsv4: fix getacl head length estimation (J. Bruce Fields) [869942]\n[2.6.32-702]\n- [fs] xfs: handle array index overrun in xfs_dir2_leaf_readbuf() (Carlos Maiolino) [1440361]\n- [net] ping: implement proper locking (Jakub Sitnicki) [1438999] {CVE-2017-2671}\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430578] {CVE-2017-6214}\n- [net] ipv6: ip6_fragment: fix headroom tests and skb leak (Hannes Frederic Sowa) [1412331]\n[2.6.32-701]\n- [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1146727]\n- [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1434560]\n[2.6.32-700]\n- [mm] hugetlb: check for pte NULL pointer in page_check_address() (Herton R. Krzesinski) [1431508]\n- [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1436527]\n- [crypto] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398456] {CVE-2016-8650}\n- [fs] aio: properly check iovec sizes (Mateusz Guzik) [1337517] {CVE-2015-8830}\n- [fs] vfs: make AIO use the proper rw_verify_area() area helpers (Mateusz Guzik) [1337535] {CVE-2012-6701}\n[2.6.32-699]\n- [scsi] lpfc: update for r 11.0.0.6 (Maurizio Lombardi) [1429881]\n- [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1429881]\n[2.6.32-698]\n- [sched] fair: Rework throttle_count sync (Jiri Olsa) [1250762]\n- [sched] fair: Reorder cgroup creation code (Jiri Olsa) [1250762]\n- [sched] fair: Initialize throttle_count for new task-groups lazily (Jiri Olsa) [1250762]\n- [sched] fair: Do not announce throttled next buddy in dequeue_task_fair() (Jiri Olsa) [1250762]\n[2.6.32-697]\n- [block] fix use-after-free in seq file (Denys Vlasenko) [1418549] {CVE-2016-7910}\n- [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1425749]\n- [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) 
[1360930]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429918] {CVE-2017-2636}", "edition": 71, "modified": "2018-06-25T00:00:00", "published": "2018-06-25T00:00:00", "id": "ELSA-2018-1854", "href": "http://linux.oracle.com/errata/ELSA-2018-1854.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-27T18:32:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18079", "CVE-2017-13215", "CVE-2018-5333", "CVE-2017-15129", "CVE-2018-5332", "CVE-2017-18017"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181234", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181234", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1234)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1234\");\n script_version(\"2020-01-23T11:18:17+0000\");\n script_cve_id(\"CVE-2017-13215\", \"CVE-2017-15129\", \"CVE-2017-18017\", \"CVE-2017-18079\", \"CVE-2018-5332\", \"CVE-2018-5333\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:18:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:18:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1234)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1234\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1234\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1234 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. 
The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.(CVE-2017-15129)\n\nThe tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.(CVE-2017-18017)\n\nA flaw was found in the upstream kernel Skcipher component. This vulnerability affects the skcipher_recvmsg function of the component Skcipher. The manipulation with an unknown input leads to a privilege escalation vulnerability.(CVE-2017-13215)\n\nIn the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size() function in 'net/rds/rdma.c') and thus to a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-5332)\n\nIn the Linux kernel through 4.14.13, the rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. 
This can lead to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic.(CVE-2018-5333)\n\ndrivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port-exists value can change after it is validated.(CVE-2017-18079)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5754", "CVE-2017-7645", "CVE-2017-8824", "CVE-2017-13166", "CVE-2017-1000410", "CVE-2018-8897", "CVE-2017-18017"], "description": "Check the version of kernel", "modified": "2019-03-11T00:00:00", "published": "2018-05-10T00:00:00", "id": "OPENVAS:1361412562310882875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882875", "type": "openvas", "title": "CentOS Update for kernel CESA-2018:1319 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_1319_kernel_centos6.nasl 14095 2019-03-11 13:54:56Z cfischer $\n#\n# CentOS Update for kernel CESA-2018:1319 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882875\");\n script_version(\"$Revision: 14095 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-11 14:54:56 +0100 (Mon, 11 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-10 05:45:10 +0200 (Thu, 10 May 2018)\");\n script_cve_id(\"CVE-2017-7645\", \"CVE-2017-8824\", \"CVE-2017-13166\", \"CVE-2017-18017\",\n \"CVE-2017-1000410\", \"CVE-2018-8897\", \"CVE-2017-5754\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2018:1319 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * hw: cpu: speculative execution permission faults handling (CVE-2017-5754)\n\n * Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n * kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)\n\n * kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)\n\n * kernel: v4l2: disabled memory access protection mechanism allowing\nprivilege escalation (CVE-2017-13166)\n\n * kernel: netfilter: use-after-free in tcpmss_mangle_packet function in\nnet/netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\n * kernel: Stack information leak in the EFS element 
(CVE-2017-1000410)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section.\n\nRed Hat would like to thank Google Project Zero for reporting\nCVE-2017-5754 Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for\nreporting CVE-2018-8897 Mohamed Ghannam for reporting CVE-2017-8824 and\nArmis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of these bug fixes in this advisory. See the bug\nfix descriptions in the referenced Knowledge Article.\");\n\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:1319\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-May/022827.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/3431591\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~696.28.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:38:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17862", "CVE-2017-15129", "CVE-2017-17712", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017", "CVE-2017-17864"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-02-10T00:00:00", "id": "OPENVAS:1361412562310851698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851698", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2018:0408-1)", 
"sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851698\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-10 07:54:04 +0100 (Sat, 10 Feb 2018)\");\n script_cve_id(\"CVE-2017-15129\", \"CVE-2017-17712\", \"CVE-2017-17862\", \"CVE-2017-17864\",\n \"CVE-2017-18017\", \"CVE-2017-5715\", \"CVE-2018-1000004\", \"CVE-2018-5332\",\n \"CVE-2018-5333\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2018:0408-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure\n of information to an attacker with local user access via a side-channel\n analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores\n unreachable code, even though it would still be processed by JIT\n compilers. 
This behavior, also considered an improper branch-pruning\n logic issue, could possibly be used by local users for denial of service\n (bnc#1073928).\n\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled\n states_equal comparisons between the pointer data type and the\n UNKNOWN_VALUE data type, which allowed local users to obtain potentially\n sensitive address information, aka a 'pointer leak' (bnc#1073928).\n\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the\n Linux kernel had a race condition in inet->hdrincl that led to\n uninitialized stack pointer usage; this allowed a local user to execute\n code and gain privileges (bnc#1073229 1073230).\n\n - CVE-2017-15129: A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel. The function\n get_net_ns_by_id() in net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in netns_ids idr,\n which could lead to double free and memory corruption. This\n vulnerability could allow an unprivileged local user to induce kernel\n memory corruption on the system, leading to a crash. 
Due to the nature\n of the flaw, privilege escalation cannot be fully ruled out, although it\n is thought to be unlikely (bnc#1074839).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of s ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Kernel on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:0408-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", 
rpm:\"kernel-debug-debugsource~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-debug\", rpm:\"kselftests-kmp-debug~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-debug-debuginfo\", rpm:\"kselftests-kmp-debug-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-default\", rpm:\"kselftests-kmp-default~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-default-debuginfo\", rpm:\"kselftests-kmp-default-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-vanilla\", rpm:\"kselftests-kmp-vanilla~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kselftests-kmp-vanilla-debuginfo\", rpm:\"kselftests-kmp-vanilla-debuginfo~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", 
rpm:\"kernel-devel~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.114~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3693", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7184", "CVE-2017-13215", "CVE-2016-8399", "CVE-2017-0861", "CVE-2017-13166", "CVE-2015-8830", "CVE-2012-6701", "CVE-2017-7558", "CVE-2017-9725", "CVE-2018-5390", "CVE-2017-18017", "CVE-2018-14646", "CVE-2018-10902", "CVE-2018-5803", "CVE-2018-1000026"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191539", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191539", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1539)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are 
largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1539\");\n script_version(\"2020-01-23T12:09:10+0000\");\n script_cve_id(\"CVE-2015-8830\", \"CVE-2016-8399\", \"CVE-2017-0861\", \"CVE-2017-13166\", \"CVE-2017-13215\", \"CVE-2017-18017\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2017-7184\", \"CVE-2017-7558\", \"CVE-2017-9725\", \"CVE-2018-1000026\", \"CVE-2018-10902\", \"CVE-2018-14646\", \"CVE-2018-3693\", \"CVE-2018-5390\", \"CVE-2018-5803\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:09:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:09:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1539)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n 
script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1539\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1539\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1539 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3693)\n\nA flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. 
Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.(CVE-2018-5390)\n\nIt was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.(CVE-2018-10902)\n\nInteger overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.(CVE-2015-8830)\n\nA flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto().(CVE-2016-8399)\n\nOut-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation.(CVE-2017-7184)\n\nThe Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could expl ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2020-01-27T18:40:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17450", "CVE-2017-13215", "CVE-2017-17558", "CVE-2018-5333", "CVE-2017-0861", "CVE-2017-17805", "CVE-2018-5344", "CVE-2016-3695", "CVE-2017-8824", "CVE-2017-17448", "CVE-2016-7915", "CVE-2017-1000407", "CVE-2018-5332", "CVE-2017-16939", "CVE-2017-17449", "CVE-2017-15868", "CVE-2017-17807", "CVE-2017-18017", "CVE-2017-17806"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181031", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181031", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1031)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1031\");\n script_version(\"2020-01-23T11:09:23+0000\");\n script_cve_id(\"CVE-2016-3695\", \"CVE-2016-7915\", \"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-13215\", \"CVE-2017-15868\", \"CVE-2017-16939\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-18017\", \"CVE-2017-8824\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5344\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:09:23 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:09:23 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1031)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1031\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1031\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1031 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is 
present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.(CVE-2016-7915)\n\nIn the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.(CVE-2018-5344)\n\nIn the Linux kernel through 4.14.13, the rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. This can lead to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic.(CVE-2018-5333)\n\nIn the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size() function in 'net/rds/rdma.c') and thus to a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-5332)\n\nA flaw was found in the upstream kernel Skcipher component. This vulnerability affects the skcipher_recvmsg function of the component Skcipher. 
The manipulation with an unknown input leads to a privilege escalation vulnerability.(CVE-2017-13215)\n\nThe tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.(CVE-2017-18017)\n\nThe Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.(CVE-2017-17805)\n\nThe HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USE ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.172\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.49.1.172\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.172\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.172\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.49.1.172\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.172\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.172\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.172\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.172\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.172\", 
rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14051", "CVE-2017-5754", "CVE-2017-17450", "CVE-2017-16525", "CVE-2017-14489", "CVE-2017-15274", "CVE-2018-5333", "CVE-2017-7889", "CVE-2017-0861", "CVE-2018-5344", "CVE-2017-15115", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-12192", "CVE-2017-1000407", "CVE-2017-15102", "CVE-2017-14156", "CVE-2017-5669", "CVE-2017-12153", "CVE-2017-15868", "CVE-2017-7542", "CVE-2017-18017", "CVE-2017-12190", "CVE-2017-0750", "CVE-2017-17806"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-02-24T00:00:00", "id": "OPENVAS:1361412562310843461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843461", "type": "openvas", "title": "Ubuntu Update for linux USN-3583-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3583_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3583-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843461\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-24 09:03:42 +0100 (Sat, 24 Feb 2018)\");\n script_cve_id(\"CVE-2017-0750\", \"CVE-2017-0861\", \"CVE-2017-1000407\", \"CVE-2017-12153\",\n \"CVE-2017-12190\", \"CVE-2017-12192\", \"CVE-2017-14051\", \"CVE-2017-14140\",\n \"CVE-2017-14156\", \"CVE-2017-14489\", \"CVE-2017-15102\", \"CVE-2017-15115\",\n \"CVE-2017-15274\", \"CVE-2017-15868\", \"CVE-2017-16525\", \"CVE-2017-17450\",\n \"CVE-2017-17806\", \"CVE-2017-18017\", \"CVE-2017-5669\", \"CVE-2017-7542\",\n \"CVE-2017-7889\", \"CVE-2017-8824\", \"CVE-2018-5333\", \"CVE-2018-5344\",\n \"CVE-2017-5754\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3583-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that an out-of-bounds\n write vulnerability existed in the Flash-Friendly File System (f2fs) in the\n Linux kernel. 
An attacker could construct a malicious file system that, when\n mounted, could cause a denial of service (system crash) or possibly execute\n arbitrary code. (CVE-2017-0750) It was discovered that a race condition leading\n to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered\n that the KVM implementation in the Linux kernel allowed passthrough of the\n diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a\n denial of service (system crash) in the host OS. (CVE-2017-1000407) Bo Zhang\n discovered that the netlink wireless configuration interface in the Linux kernel\n did not properly validate attributes when handling certain requests. A local\n attacker with the CAP_NET_ADMIN could use this to cause a denial of service\n (system crash). (CVE-2017-12153) Vitaly Mayatskikh discovered that the SCSI\n subsystem in the Linux kernel did not properly track reference counts when\n merging buffers. A local attacker could use this to cause a denial of service\n (memory exhaustion). (CVE-2017-12190) It was discovered that the key management\n subsystem in the Linux kernel did not properly restrict key reads on negatively\n instantiated keys. A local attacker could use this to cause a denial of service\n (system crash). (CVE-2017-12192) It was discovered that an integer overflow\n existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the\n Linux kernel. A local privileged attacker could use this to cause a denial of\n service (system crash). (CVE-2017-14051) Otto Ebeling discovered that the memory\n manager in the Linux kernel did not properly check the effective UID in some\n situations. 
A local attacker could use this to expose sensitive information.\n (CVE-2017-14140) It was discovered that the ATI Radeon framebuffer driver in the\n Linux kernel did not properly initialize a data structure returned to user\n space. A local attacker could use this to expose sensitive information (kernel\n memory). (CVE-2017-14156) ChunYu Wang discovered that the iSCSI transport\n implementation in the Linux kernel did not properly validate data structures. A\n local attacker could use this to cause a denial of service (system crash).\n (CVE-2017-14489) James Patrick-Evans discovered a race condition in the LEGO USB\n Infrared Tower driver in the Linux kernel. A physically proximate attacker could\n use this to cause ... Description truncated, for more information please check\n the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3583-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3583-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-142-generic\", ver:\"3.13.0-142.191\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-142-generic-lpae\", ver:\"3.13.0-142.191\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-142-lowlatency\", ver:\"3.13.0-142.191\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-142-powerpc-e500\", ver:\"3.13.0-142.191\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-142-powerpc-e500mc\", ver:\"3.13.0-142.191\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-142-powerpc-smp\", ver:\"3.13.0-142.191\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-142-powerpc64-emb\", ver:\"3.13.0-142.191\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-142-powerpc64-smp\", ver:\"3.13.0-142.191\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.142.152\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.142.152\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.142.152\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.142.152\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.142.152\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.142.152\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.142.152\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.142.152\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:07:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2018-5803", "CVE-2018-1092", "CVE-2017-16914"], "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-0861\n\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\nPCM core. 
We believe this was not possible in practice.\n\nCVE-2017-5715\n\nMultiple researchers have discovered a vulnerability in various\nprocessors supporting speculative execution, enabling an attacker\ncontrolling an unprivileged process to read memory from arbitrary\naddresses, including from the kernel and all other processes\nrunning on the system.\n\nThis specific attack has been named Spectre variant 2 (branch\ntarget injection) and is mitigated for the x86 architecture (amd64\nand i386) by using the ", "modified": "2020-01-29T00:00:00", "published": "2018-05-04T00:00:00", "id": "OPENVAS:1361412562310891369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891369", "type": "openvas", "title": "Debian LTS: Security Advisory for linux (DLA-1369-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891369\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-0861\", \"CVE-2017-13166\", \"CVE-2017-16526\", \"CVE-2017-16911\", \"CVE-2017-16912\",\n \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-18017\", \"CVE-2017-18203\", \"CVE-2017-18216\",\n \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2018-1000004\", \"CVE-2018-1000199\", \"CVE-2018-1068\",\n \"CVE-2018-1092\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5750\", \"CVE-2018-5803\",\n \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-7566\", \"CVE-2018-7740\", \"CVE-2018-7757\",\n \"CVE-2018-7995\", \"CVE-2018-8781\", \"CVE-2018-8822\");\n script_name(\"Debian LTS: Security Advisory for linux (DLA-1369-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-04 00:00:00 +0200 (Fri, 04 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n\n 
script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n3.2.101-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.101. It also fixes a regression in the\nprocfs hidepid option in the previous version (Debian bug #887106).\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-0861\n\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\nPCM core. We believe this was not possible in practice.\n\nCVE-2017-5715\n\nMultiple researchers have discovered a vulnerability in various\nprocessors supporting speculative execution, enabling an attacker\ncontrolling an unprivileged process to read memory from arbitrary\naddresses, including from the kernel and all other processes\nrunning on the system.\n\nThis specific attack has been named Spectre variant 2 (branch\ntarget injection) and is mitigated for the x86 architecture (amd64\nand i386) by using the 'retpoline' compiler feature which allows\nindirect branches to be isolated from speculative execution.\n\nCVE-2017-13166\n\nA bug in the 32-bit compatibility layer of the v4l2 ioctl handling\ncode has been found. Memory protections ensuring user-provided\nbuffers always point to userland memory were disabled, allowing\ndestination addresses to be in kernel space. On a 64-bit kernel\n(amd64 flavour) a local user with access to a suitable video\ndevice can exploit this to overwrite kernel memory, leading to\nprivilege escalation.\n\nDescription truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.101-1\", rls:\"DEB7\"))) 
{\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-486\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armel\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armhf\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-i386\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) 
{\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common-rt\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-iop32x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-ixp4xx\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-kirkwood\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mv78xx0\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mx5\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-omap\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-orion5x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-versatile\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-vexpress\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-486\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-all\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n 
report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-all-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-all-armel\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-all-armhf\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-all-i386\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-common\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-common-rt\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-iop32x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-ixp4xx\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-kirkwood\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-mv78xx0\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-mx5\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-omap\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-orion5x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-rt-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-rt-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) 
{\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-versatile\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-6-vexpress\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-486\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-iop32x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-ixp4xx\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-kirkwood\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mv78xx0\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mx5\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-omap\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-orion5x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-versatile\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-vexpress\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-486\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-686-pae-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-amd64-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-iop32x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-ixp4xx\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-kirkwood\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-mv78xx0\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-mx5\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-6-omap\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-orion5x\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-rt-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-rt-686-pae-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-rt-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-rt-amd64-dbg\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-versatile\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-6-vexpress\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-5\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-6\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-686-pae\", 
ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-6-686-pae\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-6-amd64\", ver:\"3.2.101-1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:56:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2018-1066", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2017-18232", "CVE-2017-18241", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2017-13220", "CVE-2018-5803", "CVE-2018-1092", "CVE-2015-9016", "CVE-2017-16914"], "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\nMing Lei reported a race condition in the multiqueue block layer\n(blk-mq). On a system with a driver using blk-mq (mtip32xx,\nnull_blk, or virtio_blk), a local user might be able to use this\nfor denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\nPCM core. We believe this was not possible in practice.\n\nDescription truncated. 
Please see the references for more information.", "modified": "2019-07-04T00:00:00", "published": "2018-05-01T00:00:00", "id": "OPENVAS:1361412562310704187", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704187", "type": "openvas", "title": "Debian Security Advisory DSA 4187-1 (linux - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4187-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704187\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2015-9016\", \"CVE-2017-0861\", \"CVE-2017-13166\", \"CVE-2017-13220\", \"CVE-2017-16526\",\n \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-18017\",\n \"CVE-2017-18203\", \"CVE-2017-18216\", \"CVE-2017-18232\", \"CVE-2017-18241\", \"CVE-2017-5715\",\n \"CVE-2017-5753\", \"CVE-2018-1000004\", \"CVE-2018-1000199\", \"CVE-2018-1066\", \"CVE-2018-1068\",\n \"CVE-2018-1092\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5750\", \"CVE-2018-5803\",\n \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-7566\", \"CVE-2018-7740\", \"CVE-2018-7757\",\n \"CVE-2018-7995\", \"CVE-2018-8781\", \"CVE-2018-8822\");\n script_name(\"Debian Security Advisory DSA 4187-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-01 00:00:00 +0200 (Tue, 01 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4187.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/linux\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\nMing Lei reported a race condition in the multiqueue block layer\n(blk-mq). On a system with a driver using blk-mq (mtip32xx,\nnull_blk, or virtio_blk), a local user might be able to use this\nfor denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\nPCM core. We believe this was not possible in practice.\n\nDescription truncated. 
Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-x86\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.56-1\", 
rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n 
report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armhf\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-i386\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-mips\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-mipsel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-ppc64el\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-common\", 
ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-headers-3.16.0-5-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armhf\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-i386\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-mips\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-ppc64el\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n 
report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-common\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-sb1-bcm91250a\", 
ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-arm64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report 
+= res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-s390x-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n 
report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-arm64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n 
report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-s390x-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-5\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-6\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-5-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-6-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:39:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5754", "CVE-2017-7645", "CVE-2017-8824", "CVE-2017-13166", "CVE-2017-1000410", "CVE-2018-8897", "CVE-2017-18017"], "description": "**CentOS Errata and Security Advisory** CESA-2018:1319\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux 
operating system.\n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution permission faults handling (CVE-2017-5754, x86 32-bit)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Google Project Zero for reporting CVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897; Mohamed Ghannam for reporting CVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. 
See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3431591\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-May/034865.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 5, "modified": "2018-05-10T01:00:09", "published": "2018-05-10T01:00:09", "id": "CESA-2018:1319", "href": "http://lists.centos.org/pipermail/centos-announce/2018-May/034865.html", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:00", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5754", "CVE-2017-17558", "CVE-2016-8633", "CVE-2018-1000004", "CVE-2017-15274", "CVE-2017-15265", "CVE-2017-18203", "CVE-2017-1000252", "CVE-2018-6927", "CVE-2017-15129", "CVE-2017-7294", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-13166", "CVE-2017-13305", "CVE-2017-1000407", "CVE-2017-15126", "CVE-2017-15116", "CVE-2017-18270", "CVE-2017-1000410", "CVE-2017-17449", "CVE-2017-9725", "CVE-2016-7913", "CVE-2017-15127", "CVE-2018-5750", "CVE-2017-15121", "CVE-2017-18017", "CVE-2017-12154", "CVE-2016-3672", "CVE-2017-12190"], "description": "**CentOS Errata and Security Advisory** CESA-2018:1062\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power)\n\n* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)\n\n* Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important)\n\n* kernel: v4l2: disabled memory 
access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)\n\n* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate)\n\n* kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate)\n\n* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate)\n\n* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate)\n\n* kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate)\n\n* kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)\n\n* kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)\n\n* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate)\n\n* kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)\n\n* Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)\n\n* kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, 
Moderate)\n\n* kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate)\n\n * kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low)\n\nRed Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Google Project Zero for reporting CVE-2017-5754; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Sch\u00f6nherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat).\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-April/005226.html\n\n**Affected packages:**\nkernel-abi-whitelists\nkernel-doc\n\n**Upstream details at:**\n", "edition": 4, "modified": "2018-04-27T05:53:39", "published": "2018-04-27T05:53:39", "id": "CESA-2018:1062", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-April/005226.html", "title": "kernel security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-03-12T15:38:07", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18079", "CVE-2017-13215", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017"], "description": "The 
SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a\n side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption) or\n possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed\n attackers to cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact because the\n port->exists value can change after it is validated (bnc#1077922).\n - CVE-2017-17741: The KVM implementation in the Linux kernel allowed\n attackers to obtain potentially sensitive information from kernel\n memory, aka a write_mmio stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).\n - CVE-2017-13215: A elevation of privilege vulnerability in the 
Upstream\n kernel skcipher. (bnc#1075908).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n exists in the sound system, this can lead to a deadlock and denial of\n service condition (bnc#1076017).\n\n The following non-security bugs were fixed:\n\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - Enable CPU vulnerabilities reporting via sysfs\n - fork: clear thread stack upon allocation (bsc#1077560).\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - Move kABI fixup for retpolines to proper place.\n - powerpc/vdso64: Use double word compare on pointers (bsc#1070781).\n - s390: add ppa to the idle loop (bnc#1077406, LTC#163910).\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,\n LTC#163741).\n - storvsc: do not assume SG list is continuous when doing bounce buffers\n (bsc#1075410).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu: Factor out application of forced CPU caps (bsc#1075994\n bsc#1075091).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).\n - x86/kaiser: Populate shadow PGD with NX bit only if supported by\n platform (bsc#1076154 bsc#1076278).\n - x86/kaiser: use trampoline stack for kernel entry.\n - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305).\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bsc#1054305).\n - x86/microcode/intel: Extend BDW late-loading 
with a revision check\n (bsc#1054305).\n - x86/microcode: Rescan feature flags upon late loading (bsc#1075994\n bsc#1075091).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly\n (bsc#1075994 bsc#1075091).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n\n", "edition": 1, "modified": "2018-03-12T12:08:22", "published": "2018-03-12T12:08:22", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html", "id": "SUSE-SU-2018:0660-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-10T00:54:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17862", "CVE-2017-15129", "CVE-2017-17712", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017", "CVE-2017-17864"], "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a\n side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2017-15129: A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel The function\n get_net_ns_by_id() in net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in netns_ids idr,\n which could lead to double free and memory corruption. 
This\n vulnerability could allow an unprivileged local user to induce kernel\n memory corruption on the system, leading to a crash. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled out, although it\n is thought to be unlikely (bnc#1074839).\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the\n Linux kernel has a race condition in inet->hdrincl that leads to\n uninitialized stack pointer usage; this allowed a local user to execute\n code and gain privileges (bnc#1073229).\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored\n unreachable code, even though it would still be processed by JIT\n compilers. This behavior, also considered an improper branch-pruning\n logic issue, could possibly be used by local users for denial of service\n (bnc#1073928).\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled\n states_equal comparisons between the pointer data type and the\n UNKNOWN_VALUE data type, which allowed local users to obtain potentially\n sensitive address information, aka a "pointer leak" (bnc#1073928).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption) or\n possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n existed in the sound system, this can lead to a deadlock and denial of\n service condition (bnc#1076017).\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page 
pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n\n The following non-security bugs were fixed:\n\n - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382).\n - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching\n (bnc#1012382).\n - ARC: uaccess: dont use "l" gcc inline asm constraint modifier\n (bnc#1012382).\n - Fix EX_SIZE. We do not have the patches that shave off parts of the\n exception data.\n - Fix build error in vma.c (bnc#1012382).\n - Fix mishandling of cases with MSR not being present (writing to MSR even\n though _state == -1).\n - Fix return value from ib[rs|pb]_enabled()\n - Input: trackpoint - force 3 buttons if 0 button is reported\n (bnc#1012382).\n - KVM: s390: Enable all facility bits that are known good for passthrough\n (bsc#1076806).\n - Kabi: Keep KVM stable after enable s390 wire up bpb feature\n (bsc#1076806).\n - Move RFI sysfs to a separate patch\n - Move the RFI debug code into separate patch.\n - Re-enable fixup detection by CPU type in case hypervisor call fails.\n - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"\n (bnc#1012382).\n - Revert "Re-enable fixup detection by CPU type in case hypervisor call\n fails." 
The firmware update is required for the existing instructions to\n also do the cache flush.\n - Revert "arm64: alternatives: add enable parameter to conditional asm\n macros" (bsc#1068032).\n - Revert "drm/armada: Fix compile fail" (bnc#1012382).\n - Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382).\n - Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi).\n - Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi).\n - Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi).\n - Revert "module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi).\n - Revert "netlink: add a start callback for starting a netlink dump"\n (kabi).\n - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"\n (bnc#1012382).\n - Revert "s390/kbuild: enable modversions for symbols exported from asm"\n (bnc#1012382).\n - Revert "sched/deadline: Use the revised wakeup rule for suspending\n constrained dl tasks" (kabi).\n - Revert "scsi: libsas: align sata_device's rps_resp on a cacheline"\n (kabi).\n - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382).\n - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"\n (bnc#1012382).\n - Revert "x86/efi: Build our own page table structures" (bnc#1012382).\n - Revert "x86/efi: Hoist page table switching code into efi_call_virt()"\n (bnc#1012382).\n - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"\n (bnc#1012382).\n - SMB2: Fix share type handling (bnc#1074392).\n - Set supported_modules_check 1 (bsc#1072163).\n - Update patches.suse/powerpc-Secure-memory-rfi-flush-SLE12SP3.patch\n (bsc#1068032, bsc#1075087).\n - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382).\n - af_key: fix buffer overread in verify_address_len() (bnc#1012382).\n - afs: Adjust mode bits processing (bnc#1012382).\n - afs: Connect up the CB.ProbeUuid (bnc#1012382).\n - afs: Fix afs_kill_pages() (bnc#1012382).\n - afs: Fix missing put_page() (bnc#1012382).\n - afs: 
Fix page leak in afs_write_begin() (bnc#1012382).\n - afs: Fix the maths in afs_fs_store_data() (bnc#1012382).\n - afs: Flush outstanding writes when an fd is closed (bnc#1012382).\n - afs: Migrate vlocation fields to 64-bit (bnc#1012382).\n - afs: Populate and use client modification time (bnc#1012382).\n - afs: Populate group ID from vnode status (bnc#1012382).\n - afs: Prevent callback expiry timer overflow (bnc#1012382).\n - alpha: fix build failures (bnc#1012382).\n - alsa: aloop: Fix inconsistent format due to incomplete rule\n (bsc#1031717).\n - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717).\n - alsa: aloop: Release cable upon open error path (bsc#1031717).\n - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds\n (bsc#1031717).\n - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717).\n - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717).\n - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717).\n - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant\n (bsc#1031717).\n - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717).\n - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717).\n - alsa: hda - Fix headset microphone detection for ASUS N551 and N751\n (bsc#1031717).\n - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717).\n - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717).\n - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717).\n - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717).\n - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717).\n - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717).\n - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717).\n - alsa: hda - change the location for one mic on a Lenovo machine\n (bsc#1031717).\n - alsa: hda - fix headset mic detection issue on a Dell machine\n 
(bsc#1031717).\n - alsa: hda - fix headset mic problem for Dell machines with alc274\n (bsc#1031717).\n - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717).\n - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717).\n - alsa: hda/realtek - Add default procedure for suspend and resume state\n (bsc#1031717).\n - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717).\n - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic\n (bsc#1031717).\n - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717).\n - alsa: hda/realtek - Enable jack detection function for Intel ALC700\n (bsc#1031717).\n - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717).\n - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717).\n - alsa: hda/realtek - Fix headset and mic on several Asus laptops with\n ALC256 (bsc#1031717).\n - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV\n (bsc#1031717).\n - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255\n (bsc#1031717).\n - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717).\n - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE\n (bsc#1031717).\n - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717).\n - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717).\n - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717).\n - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717).\n - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289\n (bsc#1031717).\n - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717).\n - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717).\n - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717).\n - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294\n (bsc#1031717).\n - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294\n (bsc#1031717).\n - alsa: hda/realtek - Update 
headset mode for ALC225 (bsc#1031717).\n - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717).\n - alsa: hda/realtek - change the location for one of two front microphones\n (bsc#1031717).\n - alsa: hda/realtek - fix headset mic detection for MSI MS-B120\n (bsc#1031717).\n - alsa: hda: Drop useless WARN_ON() (bsc#1031717).\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder\n (bsc#1031717).\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717).\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717).\n - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717).\n - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717).\n - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717).\n - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717).\n - alsa: usb-audio: Fix out-of-bound error (bsc#1031717).\n - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU\n (bsc#1031717).\n - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382).\n - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032).\n - arm64: Add hypervisor safe helper for checking constant capabilities\n (bsc#1068032).\n - arm64: Add macros to read/write system registers (bsc#1068032).\n - arm64: Add skeleton to harden the branch predictor against aliasing\n attacks (bsc#1068032).\n - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032).\n - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032).\n - arm64: Disable kpti for non broadcast TLB HW (bsc#1068032).\n - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros\n (bsc#1068032).\n - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm\n macro 
(bsc#1068032).\n - arm64: Fix circular include of asm/lse.h through linux/jump_label.h\n (bsc#1068032).\n - arm64: Fix compilation (bsc#1068032).\n - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032).\n - arm64: Implement branch predictor hardening for affected Cortex-A CPUs\n (bsc#1068032).\n - arm64: Initialise high_memory global variable earlier (bnc#1012382).\n - arm64: Introduce uaccess_{disable,enable} functionality based on\n TTBR0_EL1 (bsc#1068032).\n - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032).\n - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032).\n - arm64: Mask all exceptions during kernel_exit (bsc#1068032).\n - arm64: Move BP hardening to check_and_switch_context (bsc#1068032).\n - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032).\n - arm64: Move the async/fiq helpers to explicitly set process context\n flags (bsc#1068032).\n - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to\n init_mm (bsc#1068032).\n - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032).\n - arm64: Store struct thread_info in sp_el0 (bsc#1068032).\n - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032).\n - arm64: Use static keys for CPU features (bsc#1068032).\n - arm64: add macro to extract ESR_ELx.EC (bsc#1068032).\n - arm64: alternative: add auto-nop infrastructure (bsc#1068032).\n - arm64: barriers: introduce nops and __nops macros for NOP sequences\n (bsc#1068032).\n - arm64: cpu_errata: Allow an erratum to be match for all revisions of a\n core (bsc#1068032).\n - arm64: cpufeature: Add scope for capability check (bsc#1068032).\n - arm64: cpufeature: Pass capability structure to ->enable callback\n (bsc#1068032).\n - arm64: debug: remove unused local_dbg_{enable, disable} macros\n (bsc#1068032).\n - arm64: do not pull uaccess.h into *.S (bsc#1068032).\n - arm64: entry.S convert el0_sync (bsc#1068032).\n - arm64: entry.S: Remove disable_dbg (bsc#1068032).\n 
- arm64: entry.S: convert el1_sync (bsc#1068032).\n - arm64: entry.S: convert elX_irq (bsc#1068032).\n - arm64: entry.S: move SError handling into a C function for future\n expansion (bsc#1068032).\n - arm64: entry: Add exception trampoline page for exceptions from EL0\n (bsc#1068032).\n - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0\n (bsc#1068032).\n - arm64: entry: Explicitly pass exception level to kernel_ventry macro\n (bsc#1068032).\n - arm64: entry: Hook up entry trampoline to exception vectors\n (bsc#1068032).\n - arm64: entry: remove pointless SPSR mode check (bsc#1068032).\n - arm64: explicitly mask all exceptions (bsc#1068032).\n - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032).\n - arm64: factor out entry stack manipulation (bsc#1068032).\n - arm64: factor work_pending state machine to C (bsc#1068032).\n - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382).\n - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032).\n - arm64: introduce an order for exceptions (bsc#1068032).\n - arm64: introduce mov_q macro to move a constant into a 64-bit register\n (bsc#1068032).\n - arm64: kaslr: Put kernel vectors address in separate data page\n (bsc#1068032).\n - arm64: kill ESR_LNX_EXEC (bsc#1068032).\n - arm64: kpti: Fix the interaction between ASID switching and software PAN\n (bsc#1068032).\n - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls\n (bnc#1012382).\n - arm64: kvm: Survive unknown traps from guests (bnc#1012382).\n - arm64: kvm: Use per-CPU vector when BP hardening is enabled\n (bsc#1068032).\n - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032).\n - arm64: mm: Allocate ASIDs in pairs (bsc#1068032).\n - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR\n (bsc#1068032).\n - arm64: mm: Invalidate 
both kernel and user ASIDs when performing TLBI\n (bsc#1068032).\n - arm64: mm: Map entry trampoline into trampoline and kernel page tables\n (bsc#1068032).\n - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032).\n - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032).\n - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: Use non-global mappings for kernel space (bsc#1068032).\n - arm64: mm: hardcode rodata=true (bsc#1068032).\n - arm64: swp emulation: bound LL/SC retries before rescheduling\n (bsc#1068032).\n - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg\n (bsc#1068032).\n - arm64: sysreg: allow write_sysreg to use XZR (bsc#1068032).\n - arm64: tlbflush.h: add __tlbi() macro (bsc#1068032).\n - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks\n (bsc#1068032).\n - arm64: use RET instruction for exiting the trampoline (bsc#1068032).\n - arm64: use alternative auto-nop (bsc#1068032).\n - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032).\n - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382).\n - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382).\n - arm: OMAP2+: Fix device node reference counts (bnc#1012382).\n - arm: OMAP2+: Release device node after it is no longer needed\n (bnc#1012382).\n - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure\n (bnc#1012382).\n - arm: avoid faulting on qemu (bnc#1012382).\n - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed\n memory (bnc#1012382).\n - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382).\n - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7\n (bnc#1012382).\n - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio\n (bnc#1012382).\n - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382).\n - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382).\n - arm: kprobes: Fix the return address of 
multiple kretprobes\n (bnc#1012382).\n - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm: kvm: Survive unknown traps from guests (bnc#1012382).\n - asm-prototypes: Clear any CPP defines before declaring the functions\n (git-fixes).\n - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382).\n - asn.1: fix out-of-bounds read when parsing indefinite length item\n (bnc#1012382).\n - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure\n (bsc#1031717).\n - asoc: twl4030: fix child-node lookup (bsc#1031717).\n - asoc: wm_adsp: Fix validation of firmware and coeff lengths\n (bsc#1031717).\n - ath9k: fix tx99 potential info leak (bnc#1012382).\n - atm: horizon: Fix irq release error (bnc#1012382).\n - audit: ensure that 'audit=1' actually enables audit for PID 1\n (bnc#1012382).\n - axonram: Fix gendisk handling (bnc#1012382).\n - backlight: pwm_bl: Fix overflow condition (bnc#1012382).\n - bcache.txt: standardize document format (bsc#1076110).\n - bcache: Avoid nested function definition (bsc#1076110).\n - bcache: Do not reinvent the wheel but use existing llist API\n (bsc#1076110).\n - bcache: Fix building error on MIPS (bnc#1012382).\n - bcache: Remove deprecated create_workqueue (bsc#1076110).\n - bcache: Remove redundant block_size assignment (bsc#1076110).\n - bcache: Remove redundant parameter for cache_alloc() (bsc#1076110).\n - bcache: Remove redundant set_capacity (bsc#1076110).\n - bcache: Update continue_at() documentation (bsc#1076110).\n - bcache: add a comment in journal bucket reading (bsc#1076110).\n - bcache: check return value of register_shrinker (bsc#1076110).\n - bcache: debug: avoid accessing .bi_io_vec directly (bsc#1076110).\n - bcache: do not write back data if reading it failed (bsc#1076110).\n - bcache: documentation formatting, edited for clarity, stripe alignment\n notes (bsc#1076110).\n - bcache: documentation updates and corrections (bsc#1076110).\n - bcache: explicitly destroy mutex 
while exiting (bnc#1012382).\n - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).\n - bcache: fix sequential large write IO bypass (bsc#1076110).\n - bcache: fix wrong cache_misses statistics (bnc#1012382).\n - bcache: gc does not work when triggering by manual command (bsc#1076110,\n bsc#1038078).\n - bcache: implement PI controller for writeback rate (bsc#1076110).\n - bcache: increase the number of open buckets (bsc#1076110).\n - bcache: only permit to recovery read error when cache device is clean\n (bnc#1012382 bsc#1043652).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1076110).\n - bcache: pr_err: more meaningful error message when nr_stripes is invalid\n (bsc#1076110).\n - bcache: rearrange writeback main thread ratelimit (bsc#1076110).\n - bcache: recover data from backing when data is clean (bnc#1012382\n bsc#1043652).\n - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails\n (bsc#1076110).\n - bcache: remove unused parameter (bsc#1076110).\n - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085,\n bsc#1019784).\n - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).\n - bcache: silence static checker warning (bsc#1076110).\n - bcache: smooth writeback rate control (bsc#1076110).\n - bcache: switch to using blk_queue_write_cache() (bsc#1076110).\n - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints\n (bsc#1076110).\n - bcache: update bucket_in_use in real time (bsc#1076110).\n - bcache: update document info (bsc#1076110).\n - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).\n - bcache: use llist_for_each_entry_safe() in __closure_wake_up()\n (bsc#1076110).\n - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).\n - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).\n - be2net: restore properly promisc mode after queues reconfiguration\n (bsc#963844).\n - block: export bio_free_pages to other 
modules (bsc#1076110).\n - block: wake up all tasks blocked in get_request() (bnc#1012382).\n - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382).\n - bnx2x: do not rollback VF MAC/VLAN filters we did not configure\n (bnc#1012382).\n - bnx2x: fix possible overrun of VFPF multicast addresses array\n (bnc#1012382).\n - bnx2x: prevent crash when accessing PTP with interface down\n (bnc#1012382).\n - btrfs: account for pinned bytes in should_alloc_chunk (bsc#1066842).\n - btrfs: add missing memset while reading compressed inline extents\n (bnc#1012382).\n - btrfs: clear space cache inode generation always (bnc#1012382).\n - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).\n - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once\n (bnc#1012382).\n - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: gs_usb: fix return value of the "set_bittiming" callback\n (bnc#1012382).\n - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()\n (bnc#1012382).\n - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: kvaser_usb: free buf in error paths (bnc#1012382).\n - can: kvaser_usb: ratelimit errors if incomplete messages are received\n (bnc#1012382).\n - can: peak: fix potential bug in packet fragmentation (bnc#1012382).\n - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382).\n - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - cdrom: factor out common open_for_* code (bsc#1048585).\n - cdrom: wait for tray to close (bsc#1048585).\n - ceph: drop negative child dentries before try pruning inode's alias\n (bnc#1012382).\n - ceph: more accurate statfs (bsc#1077068).\n - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o\n VPU (bnc#1012382).\n - clk: mediatek: add the option for determining PLL 
source clock\n (bnc#1012382).\n - clk: tegra: Fix cclk_lp divisor register (bnc#1012382).\n - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382).\n - cpuidle: fix broadcast control when broadcast can not be entered\n (bnc#1012382).\n - cpuidle: powernv: Pass correct drv->cpumask for registration\n (bnc#1012382).\n - crypto: algapi - fix NULL dereference in crypto_remove_spawns()\n (bnc#1012382).\n - crypto: chacha20poly1305 - validate the digest size (bnc#1012382).\n - crypto: crypto4xx - increase context and scatter ring buffer elements\n (bnc#1012382).\n - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex\n (bnc#1012382).\n - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382).\n - crypto: n2 - cure use after free (bnc#1012382).\n - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382).\n - crypto: s5p-sss - Fix completing crypto request in IRQ handler\n (bnc#1012382).\n - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382).\n - cxl: Check if vphb exists before iterating over AFU devices\n (bsc#1066223).\n - dax: Pass detailed error code from __dax_fault() (bsc#1072484).\n - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state\n (bnc#1012382).\n - delay: add poll_event_interruptible (bsc#1048585).\n - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382).\n - dm bufio: fix shrinker scans when (nr_to_scan < retain_target)\n (bnc#1012382).\n - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382).\n - dmaengine: Fix array index out of bounds warning in __get_unmap_pool()\n (bnc#1012382).\n - dmaengine: dmatest: move callback wait queue to thread context\n (bnc#1012382).\n - dmaengine: pl330: fix double lock (bnc#1012382).\n - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type\n (bnc#1012382).\n - drivers/firmware: Expose psci_get_version through psci_ops structure\n (bsc#1068032).\n - drivers/md/bcache/util.h: remove duplicate inclusion of 
blkdev.h\n (bsc#1076110).\n - drivers: base: cacheinfo: fix boot error message when acpi is enabled\n (bnc#1012382).\n - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled (bnc#1012382).\n - drivers: net: xgene: Fix hardware checksum setting (bsc#1078526).\n - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382).\n - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement\n (bnc#1012382).\n - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU\n (bnc#1012382).\n - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).\n - drm/radeon/si: add dpm quirk for Oland (bnc#1012382).\n - drm/radeon: fix atombios on big endian (bnc#1012382).\n - drm/radeon: reinstate oland workaround for sclk (bnc#1012382).\n - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382).\n - drm: extra printk() wrapper macros (bnc#1012382).\n - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE\n instead of 0 (bnc#1012382).\n - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382).\n - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382).\n - edac, sb_edac: Fix missing break in switch (bnc#1012382).\n - eeprom: at24: check at24_read/write arguments (bnc#1012382).\n - efi/esrt: Cleanup bad memory map log messages (bnc#1012382).\n - efi: Move some sysfs files to be read-only by root (bnc#1012382).\n - eventpoll.h: add missing epoll event masks (bnc#1012382).\n - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484).\n - ext4: fix crash when a directory's i_size is too small (bnc#1012382).\n - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382).\n - fbdev: controlfb: Add missing modes to fix out of bounds access\n (bnc#1012382).\n - fjes: Fix wrong netdevice feature flags (bnc#1012382).\n - flow_dissector: properly cap thoff field (bnc#1012382).\n - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).\n - fork: clear thread stack 
upon allocation (bsc#1077560). Conflicts:\n series.conf\n - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382).\n - futex: Prevent overflow by strengthen input validation (bnc#1012382).\n - gcov: disable for COMPILE_TEST (bnc#1012382).\n - gfs2: Take inode off order_write list when setting jdata flag\n (bnc#1012382).\n - gpio: altera: Use handle_level_irq when configured as a level_high\n (bnc#1012382).\n - hid: chicony: Add support for another ASUS Zen AiO keyboard\n (bnc#1012382).\n - hid: xinmo: fix for out of range for THT 2P arcade controller\n (bnc#1012382).\n - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).\n - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).\n - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).\n - i40e: Do not enable NAPI on q_vectors that have no rings (bnc#1012382).\n - ib/hfi1: Correct defered count after processing qp_wait_list (git-fixes).\n - ib/hfi1: Fix rnr_timer addition (git-fixes).\n - ib/hfi1: Handle kzalloc failure in init_pervl_scs (git-fixes).\n - ib/hfi1: Move iowait_init() to priv allocate (git-fixes).\n - ib/hfi1: Prevent kernel QP post send hard lockups (git-fixes).\n - ib/hfi1: Reset QSFP on every run through channel tuning (git-fixes).\n - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush\n (git-fixes).\n - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop\n (bnc#1012382).\n - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).\n - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).\n - ib/qib: Remove qpt_mask global (git-fixes).\n - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (git-fixes).\n - ib/srpt: Disable RDMA access by the initiator (bnc#1012382).\n - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).\n - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).\n - ibmvnic: Fix IP offload control buffer (bsc#1076899).\n - ibmvnic: Fix IPv6 
packet descriptors (bsc#1076899).\n - ibmvnic: Fix pending MAC address changes (bsc#1075627).\n - ibmvnic: Modify buffer size and number of queues on failover\n (bsc#1076872).\n - ibmvnic: Revert to previous mtu when unsupported value requested\n (bsc#1076872).\n - ibmvnic: Wait for device response when changing MAC (bsc#1078681).\n - igb: check memory allocation failure (bnc#1012382).\n - ima: fix hash algorithm initialization (bnc#1012382).\n - inet: frag: release spinlock before calling icmp_send() (bnc#1012382).\n - input: 88pm860x-ts - fix child-node lookup (bnc#1012382).\n - input: elantech - add new icbody type 15 (bnc#1012382).\n - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list\n (bnc#1012382).\n - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382).\n - input: twl6040-vibra - fix DT node memory management (bnc#1012382).\n - input: twl6040-vibra - fix child-node lookup (bnc#1012382).\n - intel_th: pci: Add Gemini Lake support (bnc#1012382).\n - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382).\n - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382).\n - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382).\n - ipmi: Stop timers before cleaning up the module (bnc#1012382).\n - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382).\n - ipv4: Make neigh lookup keys for loopback/point-to-point devices be\n INADDR_ANY (bnc#1012382).\n - ipv4: igmp: guard against silly MTU values (bnc#1012382).\n - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL\n (bnc#1012382).\n - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382).\n - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382).\n - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes).\n - ipv6: mcast: better catch silly mtu values (bnc#1012382).\n - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382).\n - ipvlan: fix ipv6 outbound device (bnc#1012382).\n - ipvlan: remove excessive 
packet scrubbing (bsc#1070799).\n - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382).\n - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382).\n - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref\n (bnc#1012382).\n - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382).\n - isdn: kcapi: avoid uninitialized data (bnc#1012382).\n - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382).\n - ixgbe: fix use of uninitialized padding (bnc#1012382).\n - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382).\n - jump_label: Make it possible for arches to invoke jump_label_init()\n earlier (bsc#1068032).\n - jump_labels: Allow array initialisers (bsc#1068032).\n - kABI: protect struct bpf_map (kabi).\n - kABI: protect struct ipv6_pinfo (kabi).\n - kABI: protect struct t10_alua_tg_pt_gp (kabi).\n - kabi fix for new hash_cred function (bsc#1012917).\n - kabi/severities: do not care about stuff_RSB\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382).\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382).\n - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382).\n - kernel/acct.c: fix the acct->needcheck check in check_free_space()\n (bnc#1012382).\n - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from\n !sig_kernel_only() signals (bnc#1012382).\n - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL\n (bnc#1012382).\n - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in\n complete_signal() (bnc#1012382).\n - kernel: make groups_sort calling a responsibility group_info allocators\n (bnc#1012382).\n - keys: add missing permission check for request_key() destination\n 
(bnc#1012382).\n - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382).\n - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382).\n - kpti: Report when enabled (bnc#1012382).\n - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382).\n - kvm: VMX: Fix enable VPID conditions (bnc#1012382).\n - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382).\n - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382).\n - kvm: arm/arm64: Fix occasional warning from the timer work function\n (bnc#1012382 bsc#988524).\n - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382).\n - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset\n (bnc#1012382).\n - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables\n (bnc#1012382).\n - kvm: s390: wire up bpb feature (bsc#1076806).\n - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382).\n - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382).\n - kvm: x86: Exit to user-mode on #UD intercept when emulator requires\n (bnc#1012382).\n - kvm: x86: correct async page present tracepoint (bnc#1012382).\n - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382).\n - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382).\n - kvm: x86: pvclock: Handle first-time write to pvclock-page contains\n random junk (bnc#1012382).\n - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382).\n - lan78xx: Fix failure in USB Full Speed (bnc#1012382).\n - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382).\n - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices\n (bnc#1012382).\n - libata: drop WARN from protocol error in ata_sff_qc_issue()\n (bnc#1012382).\n - macvlan: Only deliver one copy of the frame to the macvlan interface\n (bnc#1012382).\n - md-cluster: free md_cluster_info if node leave cluster (bnc#1012382).\n - media: dvb: i2c transfers over usb cannot be done from stack\n (bnc#1012382).\n - mfd: cros ec: spi: 
Do not send first message too soon (bnc#1012382).\n - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382).\n - mfd: twl6040: Fix child-node lookup (bnc#1012382).\n - mlxsw: reg: Fix SPVM max record count (bnc#1012382).\n - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).\n - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack\n (bnc#1012382).\n - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP\n (bnc#1012382).\n - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382).\n - mm: Introduce lm_alias (bsc#1068032).\n - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers\n (bnc#1012382).\n - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382).\n - mmc: core: Do not leave the block driver in a suspended state\n (bnc#1012382).\n - mmc: mediatek: Fixed bug where clock frequency could be set wrong\n (bnc#1012382).\n - module: set __jump_table alignment to 8 (bnc#1012382).\n - more bio_map_user_iov() leak fixes (bnc#1012382).\n - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382).\n - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)\n (bnc#1012382).\n - net/appletalk: Fix kernel memory disclosure (bnc#1012382).\n - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y\n (bnc#1012382).\n - net/packet: fix a race in packet_bind() and packet_notifier()\n (bnc#1012382).\n - net: Allow neigh contructor functions ability to modify the primary_key\n (bnc#1012382).\n - net: Do not allow negative values for busy_read and busy_poll sysctl\n interfaces (bnc#1012382).\n - net: Fix double free and memory corruption in get_net_ns_by_id()\n (bnc#1012382).\n - net: Resend IGMP memberships upon peer notification (bnc#1012382).\n - net: bcmgenet: Power up the internal PHY before probing the MII\n (bnc#1012382).\n - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382).\n - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values\n (bnc#1012382).\n - net: 
bcmgenet: power down internal phy if open or resume fails\n (bnc#1012382).\n - net: bcmgenet: reserved phy revisions must be checked first\n (bnc#1012382).\n - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink\n leaks (bnc#1012382).\n - net: core: fix module type in sock_diag_bind (bnc#1012382).\n - net: fec: fix multicast filtering hardware setup (bnc#1012382).\n - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382).\n - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382).\n - net: initialize msg.msg_flags in recvfrom (bnc#1012382).\n - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382).\n - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382).\n - net: mvneta: clear interface link status on port disable (bnc#1012382).\n - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382).\n - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg\n workaround (bnc#1012382).\n - net: qdisc_pkt_len_init() should be more robust (bnc#1012382).\n - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4\n (bnc#1012382).\n - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382).\n - net: reevalulate autoflowlabel setting after sysctl setting\n (bnc#1012382).\n - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382).\n - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382).\n - net: systemport: Pad packet before inserting TSB (bnc#1012382).\n - net: systemport: Utilize skb_put_padto() (bnc#1012382).\n - net: tcp: close sock if net namespace is exiting (bnc#1012382).\n - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382).\n - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382).\n - netfilter: do not track fragmented packets (bnc#1012382).\n - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382).\n - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382).\n - netfilter: 
nfnetlink_queue: fix timestamp attribute (bsc#1074134).\n - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).\n - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash\n table (bnc#1012382).\n - netfilter: nfnl_cthelper: fix runtime expectation policy updates\n (bnc#1012382).\n - netlink: add a start callback for starting a netlink dump (bnc#1012382).\n - nfs: Do not take a reference on fl->fl_file for LOCK operation\n (bnc#1012382).\n - nfs: Fix a typo in nfs_rename() (bnc#1012382).\n - nfs: improve shinking of access cache (bsc#1012917).\n - nfsd: Fix another OPEN stateid race (bnc#1012382).\n - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382).\n - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382).\n - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382).\n - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382).\n - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382).\n - nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382).\n - nfsv4: Fix client recovery when server reboots multiple times\n (bnc#1012382).\n - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()\n (bnc#1012382).\n - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382).\n - packet: fix crash in fanout_demux_rollover() (bnc#1012382).\n - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel\n (bnc#1012382).\n - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382).\n - partially revert tipc improve link resiliency when rps is activated\n (bsc#1068038).\n - pci / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382).\n - pci/AER: Report non-fatal errors only to the affected endpoint\n (bnc#1012382).\n - pci/PME: Handle invalid data when reading Root Status (bnc#1012382).\n - pci: Avoid bus reset if bridge itself is broken (bnc#1012382).\n - pci: Create SR-IOV virtfn/physfn links before attaching driver\n (bnc#1012382).\n - pci: Detach driver before procfs 
& sysfs teardown on device remove\n (bnc#1012382).\n - perf symbols: Fix symbols__fixup_end heuristic for corner cases\n (bnc#1012382).\n - perf test attr: Fix ignored test case result (bnc#1012382).\n - perf: xgene: Add support for SoC PMU version 3 (bsc#1076809).\n - perf: xgene: Include module.h (bsc#1076809).\n - perf: xgene: Move PMU leaf functions into function pointer structure\n (bsc#1076809).\n - perf: xgene: Parse PMU subnode from the match table (bsc#1076809).\n - perf: xgene: Remove unnecessary managed resources cleanup (bsc#1076809).\n - phy: work around 'phys' references to usb-nop-xceiv devices\n (bnc#1012382).\n - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).\n - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382).\n - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1075087).\n - powerpc/ipic: Fix status get and status clear (bnc#1012382).\n - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382).\n - 
powerpc/perf: Dereference BHRB entries safely (bsc#1066223).\n - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo\n (bnc#1012382).\n - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested\n (bnc#1012382).\n - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075087).\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: prevent crash when changing flush type to fallback\n after system boot (bsc#1068032, bsc#1075087).\n - ppp: Destroy the mutex when cleanup (bnc#1012382).\n - pppoe: take ->needed_headroom of lower device into account on xmit\n (bnc#1012382).\n - pti: unbreak EFI (bsc#1074709).\n - r8152: fix the list rx_done may be used without initialization\n (bnc#1012382).\n - r8152: prevent the driver from transmitting packets with carrier off\n (bnc#1012382).\n - r8169: fix memory corruption on retrieval of hardware statistics\n (bnc#1012382).\n - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382).\n - ravb: Remove Rx overflow log messages (bnc#1012382).\n - rbd: set max_segments to USHRT_MAX (bnc#1012382).\n - rdma/cma: Avoid triggering undefined behavior 
(bnc#1012382).\n - rdma/iser: Fix possible mr leak on device removal event (bnc#1012382).\n - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382).\n - rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382).\n - rds: null pointer dereference in rds_atomic_free_op (bnc#1012382).\n - regulator: Try to resolve regulators supplies on registration\n (bsc#1074847).\n - regulator: core: Rely on regulator_dev_release to free constraints\n (bsc#1074847).\n - regulator: da9063: Return an error code on probe failure (bsc#1074847).\n - regulator: pwm: Fix regulator ramp delay for continuous mode\n (bsc#1074847).\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087).\n - ring-buffer: Mask out the info bits when returning buffer page length\n (bnc#1012382).\n - route: also update fnhe_genid when updating a route cache (bnc#1012382).\n - route: update fnhe_expires for redirect when the fnhe exists\n (bnc#1012382).\n - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592).\n - rtc: pcf8563: fix output clock rate (bnc#1012382).\n - rtc: pl031: make interrupt optional (bnc#1012382).\n - rtc: set the alarm to the next expiring timer (bnc#1012382).\n - s390/pci: do not require AIS facility (bnc#1012382).\n - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1012382).\n - s390/runtime instrumentation: simplify task exit handling (bnc#1012382).\n - s390: always save and restore all registers on context switch\n (bnc#1012382).\n - s390: fix compat system call table (bnc#1012382).\n - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382).\n - sched/deadline: Make sure the replenishment timer fires in the next\n period (bnc#1012382).\n - sched/deadline: Throttle a constrained deadline task activated after the\n deadline (bnc#1012382).\n - sched/deadline: Use deadline instead of period when calculating overflow\n (bnc#1012382).\n - sched/deadline: Use the revised wakeup rule for suspending constrained\n dl tasks (bnc#1012382).\n - 
sched/deadline: Zero out positive runtime after throttling constrained\n tasks (git-fixes).\n - sched/rt: Do not pull from current CPU if only one CPU to pull\n (bnc#1022476).\n - scsi: bfa: integer overflow in debugfs (bnc#1012382).\n - scsi: check for device state in __scsi_remove_target() (bsc#1072589).\n - scsi: cxgb4i: fix Tx skb leak (bnc#1012382).\n - scsi: fixup kernel warning during rmmod() (bsc#1052360).\n - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading\n (bnc#1012382).\n - scsi: hpsa: destroy sas transport properties before scsi_host\n (bnc#1012382).\n - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382).\n - scsi: lpfc: Fix PT2PT PRLI reject (bnc#1012382).\n - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters\n (bnc#1012382).\n - scsi: lpfc: Fix secure firmware updates (bnc#1012382).\n - scsi: lpfc: PLOGI failures during NPIV testing (bnc#1012382).\n - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1\n volume created on two SATA drive (bnc#1012382).\n - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382).\n - scsi: sd: change manage_start_stop to bool in sysfs interface\n (bnc#1012382).\n - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382).\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n - sctp: Replace use of sockets_allocated with specified macro\n (bnc#1012382).\n - sctp: do not allow the v4 socket to bind a v4mapped v6 address\n (bnc#1012382).\n - sctp: do not free asoc when it is already dead in sctp_sendmsg\n (bnc#1012382).\n - sctp: return error if the asoc has been peeled off in\n sctp_wait_for_sndbuf (bnc#1012382).\n - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382).\n - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382).\n - selftests/x86/ldt_get: Add a few additional tests for limits\n (bnc#1012382).\n - selftests/x86: Add test_vsyscall (bnc#1012382).\n - serial: 8250: Preserve 
DLD[7:4] for PORT_XR17V35X (bnc#1012382).\n - serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382).\n - series.conf: fix wrong bsc reference\n - series.conf: whitespace cleanup\n - sfc: do not warn on successful change of MAC (bnc#1012382).\n - sh_eth: fix SH7757 GEther initialization (bnc#1012382).\n - sh_eth: fix TSU resource handling (bnc#1012382).\n - sit: update frag_off info (bnc#1012382).\n - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382).\n - sparc64/mm: set fields in deferred pages (bnc#1012382).\n - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382).\n - spi: xilinx: Detect stall with Unknown commands (bnc#1012382).\n - spi_ks8995: fix "BUG: key accdaa28 not in .data!" (bnc#1012382).\n - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl\n (bnc#1012382).\n - sunrpc: Fix rpc_task_begin trace point (bnc#1012382).\n - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917).\n - sunrpc: add auth_unix hash_cred() function (bsc#1012917).\n - sunrpc: add generic_auth hash_cred() function (bsc#1012917).\n - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917).\n - sunrpc: replace generic auth_cred hash with auth-specific function\n (bsc#1012917).\n - sunrpc: use supplimental groups in auth hash (bsc#1012917).\n - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - sysrq : fix Show Regs call trace on ARM (bnc#1012382).\n - target/file: Do not return error for UNMAP if length is zero\n (bnc#1012382).\n - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()\n (bnc#1012382).\n - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK\n (bnc#1012382).\n - target: Use system workqueue for ALUA transitions (bnc#1012382).\n - target: fix ALUA transition timeout 
handling (bnc#1012382).\n - target: fix race during implicit transition work flushes (bnc#1012382).\n - target:fix condition return in core_pr_dump_initiator_port()\n (bnc#1012382).\n - tcp md5sig: Use skb's saddr when replying to an incoming segment\n (bnc#1012382).\n - tcp: __tcp_hdrlen() helper (bnc#1012382).\n - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382).\n - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382).\n - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382).\n - thermal/drivers/step_wise: Fix temperature regulation misbehavior\n (bnc#1012382).\n - thermal: hisilicon: Handle return value of clk_prepare_enable\n (bnc#1012382).\n - tipc: fix cleanup at module unload (bnc#1012382).\n - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382).\n - tipc: improve link resiliency when rps is activated (bsc#1068038).\n - tracing: Allocate mask_str buffer dynamically (bnc#1012382).\n - tracing: Fix converting enum's from the map in trace_event_eval_update()\n (bnc#1012382).\n - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382).\n - tracing: Fix possible double free on failure of allocating trace buffer\n (bnc#1012382).\n - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382).\n - tty fix oops when rmmod 8250 (bnc#1012382).\n - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382).\n - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382).\n - udf: Avoid overflow when session starts at large offset (bnc#1012382).\n - um: link vmlinux with -no-pie (bnc#1012382).\n - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382).\n - usb: Fix off by one in type-specific length check of BOS SSP capability\n (git-fixes).\n - usb: Increase usbfs transfer limit (bnc#1012382).\n - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382).\n - usb: core: Add type-specific length check of BOS descriptors\n (bnc#1012382).\n - usb: core: prevent malicious 
bNumInterfaces overflow (bnc#1012382).\n - usb: devio: Prevent integer overflow in proc_do_submiturb()\n (bnc#1012382).\n - usb: fix usbmon BUG trigger (bnc#1012382).\n - usb: gadget: configs: plug memory leak (bnc#1012382).\n - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed\n (bnc#1012382).\n - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping\n (bnc#1012382).\n - usb: gadget: udc: remove pointer dereference after free (bnc#1012382).\n - usb: gadgetfs: Fix a potential memory leak in 'dev_config()'\n (bnc#1012382).\n - usb: hub: Cycle HUB power when initialization fails (bnc#1012382).\n - usb: misc: usb3503: make sure reset is low for at least 100us\n (bnc#1012382).\n - usb: musb: da8xx: fix babble condition handling (bnc#1012382).\n - usb: phy: isp1301: Add OF device ID table (bnc#1012382).\n - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled\n (git-fixes).\n - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382).\n - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub\n (bnc#1012382).\n - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ\n (bnc#1012382).\n - usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382).\n - usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382).\n - usb: serial: option: add Quectel BG96 id (bnc#1012382).\n - usb: serial: option: add support for Telit ME910 PID 0x1101\n (bnc#1012382).\n - usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382).\n - usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382).\n - usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID\n (bnc#1012382).\n - usb: usbfs: Filter flags passed in from user space (bnc#1012382).\n - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382).\n - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382).\n - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382).\n - usbip: Fix implicit 
fallthrough warning (bnc#1012382).\n - usbip: Fix potential format overflow in userspace tools (bnc#1012382).\n - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382).\n - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input\n (bnc#1012382).\n - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer\n (bnc#1012382).\n - usbip: fix usbip bind writing random string after command in match_busid\n (bnc#1012382).\n - usbip: prevent leaking socket pointer address in messages (bnc#1012382).\n - usbip: prevent vhci_hcd driver from leaking a socket pointer address\n (bnc#1012382).\n - usbip: remove kernel addresses from usb device and urb debug msgs\n (bnc#1012382).\n - usbip: stub: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - usbip: vhci: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382).\n - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382).\n - video: fbdev: au1200fb: Release some resources if a memory allocation\n fails (bnc#1012382).\n - video: fbdev: au1200fb: Return an error code if a memory allocation\n fails (bnc#1012382).\n - virtio: release virtio index when fail to device_register (bnc#1012382).\n - vmxnet3: repair memory leak (bnc#1012382).\n - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382).\n - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend\n (bnc#1012382).\n - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382).\n - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382).\n - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq\n (bnc#1012382).\n - writeback: fix memory leak in wb_queue_work() (bnc#1012382).\n - x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078).\n - x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382).\n - x509: fix printing uninitialized 
stack memory when OID is empty\n (bsc#1075078).\n - x86/Documentation: Add PTI description (bnc#1012382).\n - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382).\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86/alternatives: Add missing '\\n' at end of ALTERNATIVE inline asm\n (bnc#1012382).\n - x86/alternatives: Fix optimize_nops() checking (bnc#1012382).\n - x86/apic/vector: Fix off by one in error path (bnc#1012382).\n - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels\n (bnc#1012382).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382).\n - x86/cpu: Factor out application of forced CPU caps (bnc#1012382).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).\n - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).\n - x86/efi-bgrt: Fix kernel panic when mapping BGRT data (bnc#1012382).\n - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382).\n - x86/efi: Build our own page table structures (bnc#1012382).\n - x86/efi: Hoist page table switching code into efi_call_virt()\n (bnc#1012382).\n - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()\n (bnc#1012382).\n - x86/hpet: Prevent might sleep splat on resume (bnc#1012382).\n - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382).\n - x86/kasan: Write protect kasan zero shadow (bnc#1012382).\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bnc#1012382).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n (bnc#1012382).\n - x86/microcode/intel: Fix BDW late-loading 
revision check (bnc#1012382).\n - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier\n (git-fixes).\n - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers\n (bnc#1012382).\n - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382).\n - x86/pti/efi: broken conversion from efi to kernel page table\n (bnc#1012382).\n - x86/pti: Document fix wrong index (bnc#1012382).\n - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382).\n - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()\n (bnc#1012382).\n - xen-netfront: Improve error handling during initialization (bnc#1012382).\n - xen-netfront: avoid crashing on resume after a failure in\n talk_to_netback() (bnc#1012382).\n - xfrm: Copy policy family in clone_policy (bnc#1012382).\n - xfs: Add infrastructure needed for error propagation during buffer IO\n failure (bsc#1068569).\n - xfs: Properly retry failed inode items in case of error during buffer\n writeback (bsc#1068569).\n - xfs: add "fail at unmount" error handling configuration (bsc#1068569).\n - xfs: add configurable error support to metadata buffers (bsc#1068569).\n - xfs: add configuration handlers for specific errors (bsc#1068569).\n - xfs: add configuration of error failure speed (bsc#1068569).\n - xfs: address kabi for xfs buffer retry infrastructure (kabi).\n - xfs: configurable error behavior via sysfs (bsc#1068569).\n - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real\n (bnc#1012382).\n - xfs: fix log block underflow during recovery cycle verification\n (bnc#1012382).\n - xfs: fix up inode32/64 
(re)mount handling (bsc#1069160).\n - xfs: introduce metadata IO error class (bsc#1068569).\n - xfs: introduce table-based init for error behaviors (bsc#1068569).\n - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569).\n - xhci: Do not add a virt_dev to the devs array before it's fully\n allocated (bnc#1012382).\n - xhci: Fix ring leak in failure path of xhci_alloc_virt_device()\n (bnc#1012382).\n - xhci: plat: Register shutdown for xhci_plat (bnc#1012382).\n - zram: set physical queue limits to avoid array out of bounds accesses\n (bnc#1012382).\n\n", "edition": 1, "modified": "2018-02-09T21:15:14", "published": "2018-02-09T21:15:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html", "id": "SUSE-SU-2018:0416-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-07T20:55:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17862", "CVE-2017-15129", "CVE-2017-17712", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017", "CVE-2017-17864"], "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a\n side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2017-15129: A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel in the function\n get_net_ns_by_id() in net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in netns_ids 
idr,\n which could lead to double free and memory corruption. This\n vulnerability could allow an unprivileged local user to induce kernel\n memory corruption on the system, leading to a crash. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled out, although it\n is thought to be unlikely (bnc#1074839).\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the\n Linux kernel has a race condition in inet->hdrincl that leads to\n uninitialized stack pointer usage; this allowed a local user to execute\n code and gain privileges (bnc#1073229).\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored\n unreachable code, even though it would still be processed by JIT\n compilers. This behavior, also considered an improper branch-pruning\n logic issue, could possibly be used by local users for denial of service\n (bnc#1073928).\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled\n states_equal comparisons between the pointer data type and the\n UNKNOWN_VALUE data type, which allowed local users to obtain potentially\n sensitive address information, aka a "pointer leak" (bnc#1073928).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption) or\n possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference 
(bnc#1075617).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n existed in the sound system, this can lead to a deadlock and denial of\n service condition (bnc#1076017).\n\n The following non-security bugs were fixed:\n\n - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382).\n - acpi / scan: Prefer devices without _HID/_CID for _ADR matching\n (bnc#1012382).\n - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382).\n - af_key: fix buffer overread in verify_address_len() (bnc#1012382).\n - afs: Adjust mode bits processing (bnc#1012382).\n - afs: Connect up the CB.ProbeUuid (bnc#1012382).\n - afs: Fix afs_kill_pages() (bnc#1012382).\n - afs: Fix missing put_page() (bnc#1012382).\n - afs: Fix page leak in afs_write_begin() (bnc#1012382).\n - afs: Fix the maths in afs_fs_store_data() (bnc#1012382).\n - afs: Flush outstanding writes when an fd is closed (bnc#1012382).\n - afs: Migrate vlocation fields to 64-bit (bnc#1012382).\n - afs: Populate and use client modification time (bnc#1012382).\n - afs: Populate group ID from vnode status (bnc#1012382).\n - afs: Prevent callback expiry timer overflow (bnc#1012382).\n - alpha: fix build failures (bnc#1012382).\n - alsa: aloop: Fix inconsistent format due to incomplete rule\n (bsc#1031717).\n - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717).\n - alsa: aloop: Release cable upon open error path (bsc#1031717).\n - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds\n (bsc#1031717).\n - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717).\n - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717).\n - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717).\n - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717).\n - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717).\n - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant\n (bsc#1031717).\n - alsa: hda - 
Apply the existing quirk to iMac 14,1 (bsc#1031717).\n - alsa: hda - change the location for one mic on a Lenovo machine\n (bsc#1031717).\n - alsa: hda: Drop useless WARN_ON() (bsc#1031717).\n - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717).\n - alsa: hda - fix headset mic detection issue on a Dell machine\n (bsc#1031717).\n - alsa: hda - fix headset mic problem for Dell machines with alc274\n (bsc#1031717).\n - alsa: hda - Fix headset microphone detection for ASUS N551 and N751\n (bsc#1031717).\n - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717).\n - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717).\n - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717).\n - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717).\n - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717).\n - alsa: hda/realtek - Add default procedure for suspend and resume state\n (bsc#1031717).\n - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic\n (bsc#1031717).\n - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717).\n - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717).\n - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717).\n - alsa: hda/realtek - change the location for one of two front microphones\n (bsc#1031717).\n - alsa: hda/realtek - Enable jack detection function for Intel ALC700\n (bsc#1031717).\n - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717).\n - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717).\n - alsa: hda/realtek - Fix headset and mic on several Asus laptops with\n ALC256 (bsc#1031717).\n - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV\n (bsc#1031717).\n - alsa: hda/realtek - fix headset mic detection for MSI MS-B120\n (bsc#1031717).\n - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255\n (bsc#1031717).\n - alsa: hda/realtek - Fix pincfg for Dell XPS 13 
9370 (bsc#1031717).\n - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE\n (bsc#1031717).\n - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717).\n - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717).\n - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289\n (bsc#1031717).\n - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717).\n - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717).\n - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717).\n - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717).\n - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717).\n - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294\n (bsc#1031717).\n - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294\n (bsc#1031717).\n - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717).\n - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717).\n - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717).\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder\n (bsc#1031717).\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717).\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717).\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717).\n - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717).\n - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717).\n - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717).\n - alsa: usb-audio: Fix out-of-bound error (bsc#1031717).\n - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU\n (bsc#1031717).\n - arc: uaccess: dont use "l" gcc inline asm constraint modifier\n (bnc#1012382).\n - arm64: Add skeleton to harden 
the branch predictor against aliasing\n attacks (bsc#1068032).\n - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032).\n - arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032).\n - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032).\n - arm64: cpufeature: Pass capability structure to ->enable callback\n (bsc#1068032).\n - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032).\n - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75\n (bsc#1068032).\n - arm64: debug: remove unused local_dbg_{enable, disable} macros\n (bsc#1068032).\n - arm64: Define cputype macros for Falkor CPU (bsc#1068032).\n - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032).\n - arm64: Do not force KPTI for CPUs that are not vulnerable (bsc#1076187).\n - arm64: do not pull uaccess.h into *.S (bsc#1068032).\n - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: entry: Add exception trampoline page for exceptions from EL0\n (bsc#1068032).\n - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0\n (bsc#1068032).\n - arm64: entry: Explicitly pass exception level to kernel_ventry macro\n (bsc#1068032).\n - arm64: entry: Hook up entry trampoline to exception vectors\n (bsc#1068032).\n - arm64: entry: remove pointless SPSR mode check (bsc#1068032).\n - arm64: entry.S convert el0_sync (bsc#1068032).\n - arm64: entry.S: convert el1_sync (bsc#1068032).\n - arm64: entry.S: convert elX_irq (bsc#1068032).\n - arm64: entry.S: move SError handling into a C function for future\n expansion (bsc#1068032).\n - arm64: entry.S: Remove disable_dbg (bsc#1068032).\n - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code\n (bsc#1068032).\n - arm64: explicitly mask all exceptions (bsc#1068032).\n - arm64: factor out entry stack manipulation (bsc#1068032).\n - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032).\n - arm64: Factor out PAN enabling/disabling into 
separate uaccess_* macros\n (bsc#1068032).\n - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm\n macro (bsc#1068032).\n - arm64: factor work_pending state machine to C (bsc#1068032).\n - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382).\n - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032).\n - arm64: Handle faults caused by inadvertent user access with PAN enabled\n (bsc#1068032).\n - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032).\n - arm64: Implement branch predictor hardening for affected Cortex-A CPUs\n (bsc#1068032).\n - arm64: Implement branch predictor hardening for Falkor (bsc#1068032).\n - arm64: Initialise high_memory global variable earlier (bnc#1012382).\n - arm64: introduce an order for exceptions (bsc#1068032).\n - arm64: introduce mov_q macro to move a constant into a 64-bit register\n (bsc#1068032).\n - arm64: Introduce uaccess_{disable,enable} functionality based on\n TTBR0_EL1 (bsc#1068032).\n - arm64: kaslr: Put kernel vectors address in separate data page\n (bsc#1068032).\n - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032).\n - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032).\n - arm64: kill ESR_LNX_EXEC (bsc#1068032).\n - arm64: kpti: Fix the interaction between ASID switching and software PAN\n (bsc#1068032).\n - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls\n (bsc#1076232).\n - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm64: kvm: Make PSCI_VERSION a fast path (bsc#1068032).\n - arm64: kvm: Use per-CPU vector when BP hardening is enabled\n (bsc#1068032).\n - arm64: Mask all exceptions during kernel_exit (bsc#1068032).\n - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032).\n - arm64: mm: Allocate ASIDs in pairs (bsc#1068032).\n - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: hardcode rodata=true (bsc#1068032).\n - arm64: mm: 
Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR\n (bsc#1068032).\n - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI\n (bsc#1068032).\n - arm64: mm: Map entry trampoline into trampoline and kernel page tables\n (bsc#1068032).\n - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032).\n - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003\n (bsc#1068032).\n - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032).\n - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: Use non-global mappings for kernel space (bsc#1068032).\n - arm64: Move BP hardening to check_and_switch_context (bsc#1068032).\n - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032).\n - arm64: Move the async/fiq helpers to explicitly set process context\n flags (bsc#1068032).\n - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to\n init_mm (bsc#1068032).\n - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032).\n - arm64: swp emulation: bound LL/SC retries before rescheduling\n (bsc#1068032).\n - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg\n (bsc#1068032).\n - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032).\n - arm64: thunderx2: remove branch predictor hardening References:\n bsc#1076232 This causes undefined instruction abort on the smc call from\n guest kernel. 
Disable until kvm is fixed.\n - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks\n (bsc#1068032).\n - arm64: Turn on KPTI only on CPUs that need it (bsc#1076187).\n - arm64: use alternative auto-nop (bsc#1068032).\n - arm64: use RET instruction for exiting the trampoline (bsc#1068032).\n - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032).\n - arm/arm64: kvm: Make default HYP mappings non-excutable (bsc#1068032).\n - arm: avoid faulting on qemu (bnc#1012382).\n - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382).\n - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382).\n - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed\n memory (bnc#1012382).\n - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382).\n - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7\n (bnc#1012382).\n - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio\n (bnc#1012382).\n - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382).\n - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382).\n - arm: kprobes: Fix the return address of multiple kretprobes\n (bnc#1012382).\n - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382).\n - arm: OMAP2+: Fix device node reference counts (bnc#1012382).\n - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure\n (bnc#1012382).\n - arm: OMAP2+: Release device node after it is no longer needed\n (bnc#1012382).\n - asm-prototypes: Clear any CPP defines before declaring the functions\n (git-fixes).\n - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382).\n - asn.1: fix out-of-bounds read when parsing indefinite length item\n (bnc#1012382).\n - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure\n (bsc#1031717).\n - asoc: twl4030: fix child-node lookup (bsc#1031717).\n - asoc: wm_adsp: 
Fix validation of firmware and coeff lengths\n (bsc#1031717).\n - ath9k: fix tx99 potential info leak (bnc#1012382).\n - atm: horizon: Fix irq release error (bnc#1012382).\n - audit: ensure that 'audit=1' actually enables audit for PID 1\n (bnc#1012382).\n - axonram: Fix gendisk handling (bnc#1012382).\n - backlight: pwm_bl: Fix overflow condition (bnc#1012382).\n - bcache: add a comment in journal bucket reading (bsc#1076110).\n - bcache: Avoid nested function definition (bsc#1076110).\n - bcache: bch_allocator_thread() is not freezable (bsc#1076110).\n - bcache: bch_writeback_thread() is not freezable (bsc#1076110).\n - bcache: check return value of register_shrinker (bsc#1076110).\n - bcache: documentation formatting, edited for clarity, stripe alignment\n notes (bsc#1076110).\n - bcache: documentation updates and corrections (bsc#1076110).\n - bcache: Do not reinvent the wheel but use existing llist API\n (bsc#1076110).\n - bcache: do not write back data if reading it failed (bsc#1076110).\n - bcache: explicitly destroy mutex while exiting (bnc#1012382).\n - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).\n - bcache: Fix building error on MIPS (bnc#1012382).\n - bcache: fix sequential large write IO bypass (bsc#1076110).\n - bcache: fix wrong cache_misses statistics (bnc#1012382).\n - bcache: gc does not work when triggering by manual command (bsc#1076110,\n bsc#1038078).\n - bcache: implement PI controller for writeback rate (bsc#1076110).\n - bcache: increase the number of open buckets (bsc#1076110).\n - bcache: only permit to recovery read error when cache device is clean\n (bnc#1012382 bsc#1043652).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1076110, bsc#1019784).\n - bcache: rearrange writeback main thread ratelimit (bsc#1076110).\n - bcache: recover data from backing when data is clean (bnc#1012382\n bsc#1043652).\n - bcache: Remove redundant set_capacity (bsc#1076110).\n - bcache: remove unused parameter 
(bsc#1076110).\n - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085).\n - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).\n - bcache: silence static checker warning (bsc#1076110).\n - bcache: smooth writeback rate control (bsc#1076110).\n - bcache.txt: standardize document format (bsc#1076110).\n - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints\n (bsc#1076110).\n - bcache: update bucket_in_use in real time (bsc#1076110).\n - bcache: Update continue_at() documentation (bsc#1076110).\n - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).\n - bcache: use llist_for_each_entry_safe() in __closure_wake_up()\n (bsc#1076110).\n - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).\n - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).\n - be2net: restore properly promisc mode after queues reconfiguration\n (bsc#963844 FATE#320192).\n - block: wake up all tasks blocked in get_request() (bnc#1012382).\n - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382).\n - bnx2x: do not rollback VF MAC/VLAN filters we did not configure\n (bnc#1012382).\n - bnx2x: fix possible overrun of VFPF multicast addresses array\n (bnc#1012382).\n - bnx2x: prevent crash when accessing PTP with interface down\n (bnc#1012382).\n - btrfs: add missing memset while reading compressed inline extents\n (bnc#1012382).\n - btrfs: clear space cache inode generation always (bnc#1012382).\n - btrfs: embed extent_changeset::range_changed to the structure (dependent\n patch, bsc#1031395).\n - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing\n reserved ranges (bsc#1031395).\n - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered\n write and quotas being enabled (bsc#1031395).\n - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions\n (dependent patch, bsc#1031395).\n - btrfs: qgroup: Return actually freed bytes for qgroup release or 
free\n data (bsc#1031395).\n - btrfs: qgroup-test: Fix backport error in qgroup selftest (just to make\n CONFIG_BTRFS_FS_RUN_SANITY_TESTS pass compile).\n - btrfs: ulist: make the finalization function public (dependent patch,\n bsc#1031395).\n - btrfs: ulist: rename ulist_fini to ulist_release (dependent patch,\n bsc#1031395).\n - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once\n (bnc#1012382).\n - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).\n - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: gs_usb: fix return value of the "set_bittiming" callback\n (bnc#1012382).\n - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()\n (bnc#1012382).\n - can: kvaser_usb: free buf in error paths (bnc#1012382).\n - can: kvaser_usb: ratelimit errors if incomplete messages are received\n (bnc#1012382).\n - can: peak: fix potential bug in packet fragmentation (bnc#1012382).\n - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382).\n - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - cdrom: factor out common open_for_* code (bsc#1048585).\n - cdrom: wait for tray to close (bsc#1048585).\n - ceph: more accurate statfs (bsc#1077068).\n - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o\n VPU (bnc#1012382).\n - clk: mediatek: add the option for determining PLL source clock\n (bnc#1012382).\n - clk: tegra: Fix cclk_lp divisor register (bnc#1012382).\n - config: arm64: enable HARDEN_BRANCH_PREDICTOR\n - config: arm64: enable UNMAP_KERNEL_AT_EL0\n - cpuidle: fix broadcast control when broadcast can not be entered\n (bnc#1012382).\n - cpuidle: powernv: Pass correct drv->cpumask for registration\n (bnc#1012382).\n - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() 
(bnc#1012382).\n - crypto: algapi - fix NULL dereference in crypto_remove_spawns()\n (bnc#1012382).\n - crypto: chacha20poly1305 - validate the digest size (bnc#1012382).\n - crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325).\n - crypto: crypto4xx - increase context and scatter ring buffer elements\n (bnc#1012382).\n - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex\n (bnc#1012382).\n - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382).\n - crypto: n2 - cure use after free (bnc#1012382).\n - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382).\n - crypto: s5p-sss - Fix completing crypto request in IRQ handler\n (bnc#1012382).\n - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382).\n - cxl: Check if vphb exists before iterating over AFU devices\n (bsc#1066223).\n - dax: Pass detailed error code from __dax_fault() (bsc#1072484).\n - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state\n (bnc#1012382).\n - delay: add poll_event_interruptible (bsc#1048585).\n - dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704).\n - dmaengine: dmatest: move callback wait queue to thread context\n (bnc#1012382).\n - dmaengine: Fix array index out of bounds warning in __get_unmap_pool()\n (bnc#1012382).\n - dmaengine: pl330: fix double lock (bnc#1012382).\n - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type\n (bnc#1012382).\n - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382).\n - dm bufio: fix shrinker scans when (nr_to_scan < retain_target)\n (bnc#1012382).\n - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382).\n - drivers/firmware: Expose psci_get_version through psci_ops structure\n (bsc#1068032).\n - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382).\n - drm: extra printk() wrapper macros (bnc#1012382).\n - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement\n (bnc#1012382).\n - drm/exynos: 
gem: Drop NONCONTIG flag for buffers allocated without IOMMU\n (bnc#1012382).\n - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).\n - drm/radeon: fix atombios on big endian (bnc#1012382).\n - drm/radeon: reinstate oland workaround for sclk (bnc#1012382).\n - drm/radeon/si: add dpm quirk for Oland (bnc#1012382).\n - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382).\n - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE\n instead of 0 (bnc#1012382).\n - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382).\n - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382).\n - edac, sb_edac: Fix missing break in switch (bnc#1012382).\n - eeprom: at24: check at24_read/write arguments (bnc#1012382).\n - efi/esrt: Cleanup bad memory map log messages (bnc#1012382).\n - efi: Move some sysfs files to be read-only by root (bnc#1012382).\n - eventpoll.h: add missing epoll event masks (bnc#1012382).\n - ext4: fix crash when a directory's i_size is too small (bnc#1012382).\n - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484).\n - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382).\n - fbdev: controlfb: Add missing modes to fix out of bounds access\n (bnc#1012382).\n - Fix EX_SIZE. 
We do not have the patches that shave off parts of the\n exception data.\n - Fix mishandling of cases with MSR not being present (writing to MSR even\n though _state == -1).\n - Fix return value from ib[rs|pb]_enabled()\n - Fixup hang when calling 'nvme list' on all paths down (bsc#1070052).\n - fjes: Fix wrong netdevice feature flags (bnc#1012382).\n - flow_dissector: properly cap thoff field (bnc#1012382).\n - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).\n - fork: clear thread stack upon allocation (bsc#1077560).\n - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382).\n - futex: Prevent overflow by strengthen input validation (bnc#1012382).\n - gcov: disable for COMPILE_TEST (bnc#1012382).\n - gfs2: Take inode off order_write list when setting jdata flag\n (bnc#1012382).\n - gpio: altera: Use handle_level_irq when configured as a level_high\n (bnc#1012382).\n - hid: chicony: Add support for another ASUS Zen AiO keyboard\n (bnc#1012382).\n - hid: xinmo: fix for out of range for THT 2P arcade controller\n (bnc#1012382).\n - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).\n - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).\n - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).\n - i40iw: Account for IPv6 header when setting MSS (bsc#1024376\n FATE#321249).\n - i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249).\n - i40iw: Cleanup AE processing (bsc#1024376 FATE#321249).\n - i40iw: Clear CQP Head/Tail during initialization (bsc#1024376\n FATE#321249).\n - i40iw: Correct ARP index mask (bsc#1024376 FATE#321249).\n - i40iw: Do not allow posting WR after QP is flushed (bsc#1024376\n FATE#321249).\n - i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE\n (bsc#1024376 FATE#321249).\n - i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249).\n - i40iw: Do not retransmit MPA request after it is ACKed (bsc#1024376\n 
FATE#321249).\n - i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249).\n - i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376\n FATE#321249).\n - i40iw: Move cqp_cmd_head init to CQP initialization (bsc#1024376\n FATE#321249).\n - i40iw: Move exception_lan_queue to VSI structure (bsc#1024376\n FATE#321249).\n - i40iw: Move MPA request event for loopback after connect (bsc#1024376\n FATE#321249).\n - i40iw: Notify user of established connection after QP in RTS\n (bsc#1024376 FATE#321249).\n - i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249).\n - ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242).\n - ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818\n FATE#319242).\n - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush\n (git-fixes).\n - ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350).\n - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop\n (bnc#1012382).\n - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).\n - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).\n - ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).\n - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).\n - ibmvnic: Fix IP offload control buffer (bsc#1076899).\n - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).\n - ibmvnic: Fix pending MAC address changes (bsc#1075627).\n - ibmvnic: Modify buffer size and number of queues on failover\n (bsc#1076872).\n - ibmvnic: Revert to previous mtu when unsupported value requested\n (bsc#1076872).\n - ibmvnic: Wait for device response when changing MAC (bsc#1078681).\n - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (bsc#973818,\n fate#319242).\n - ib/srpt: Disable RDMA access by the initiator (bnc#1012382).\n - ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265).\n - 
ib/uverbs: Fix command checking as part of ib_uverbs_ex_modify_qp()\n (FATE#321231 FATE#321473 FATE#322153 FATE#322149).\n - igb: check memory allocation failure (bnc#1012382).\n - ima: fix hash algorithm initialization (bnc#1012382).\n - inet: frag: release spinlock before calling icmp_send() (bnc#1012382).\n - input: 88pm860x-ts - fix child-node lookup (bnc#1012382).\n - input: elantech - add new icbody type 15 (bnc#1012382).\n - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list\n (bnc#1012382).\n - input: trackpoint - force 3 buttons if 0 button is reported\n (bnc#1012382).\n - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382).\n - input: twl6040-vibra - fix child-node lookup (bnc#1012382).\n - input: twl6040-vibra - fix DT node memory management (bnc#1012382).\n - intel_th: pci: Add Gemini Lake support (bnc#1012382).\n - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382).\n - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382).\n - ip6_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912\n FATE#321246).\n - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382).\n - ip_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912\n FATE#321246).\n - ipmi: Stop timers before cleaning up the module (bnc#1012382).\n - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382).\n - ipv4: igmp: guard against silly MTU values (bnc#1012382).\n - ipv4: Make neigh lookup keys for loopback/point-to-point devices be\n INADDR_ANY (bnc#1012382).\n - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL\n (bnc#1012382).\n - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382).\n - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382).\n - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes).\n - ipv6: mcast: better catch silly mtu values (bnc#1012382).\n - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382).\n - ipvlan: fix ipv6 outbound device 
(bnc#1012382).\n - ipvlan: remove excessive packet scrubbing (bsc#1070799).\n - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382).\n - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382).\n - iscsi_iser: Re-enable 'iser_pi_guard' module parameter (bsc#1062129).\n - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382).\n - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref\n (bnc#1012382).\n - isdn: kcapi: avoid uninitialized data (bnc#1012382).\n - iser-target: Fix possible use-after-free in connection establishment\n error (FATE#321732).\n - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382).\n - iw_cxgb4: reflect the original WR opcode in drain cqes (bsc#321658\n FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).\n - iw_cxgb4: when flushing, complete all wrs in a chain (bsc#321658\n FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).\n - ixgbe: fix use of uninitialized padding (bnc#1012382).\n - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382).\n - kabi fix for new hash_cred function (bsc#1012917).\n - kabi: Keep KVM stable after enable s390 wire up bpb feature\n (bsc#1076805).\n - kABI: protect struct bpf_map (kabi).\n - kABI: protect struct ipv6_pinfo (kabi).\n - kABI: protect struct t10_alua_tg_pt_gp (kabi).\n - kABI: protect struct usbip_device (kabi).\n - kabi/severities: arm64: ignore cpu capability array\n - kabi/severities: do not care about stuff_RSB\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382).\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382).\n - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382).\n - kernel/acct.c: fix the acct->needcheck check in 
check_free_space()\n (bnc#1012382).\n - kernel: make groups_sort calling a responsibility group_info allocators\n (bnc#1012382).\n - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from\n !sig_kernel_only() signals (bnc#1012382).\n - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL\n (bnc#1012382).\n - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in\n complete_signal() (bnc#1012382).\n - keys: add missing permission check for request_key() destination\n (bnc#1012382).\n - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382).\n - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382).\n - kpti: Report when enabled (bnc#1012382).\n - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382).\n - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset\n (bnc#1012382).\n - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382).\n - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables\n (bnc#1012382).\n - kvm: s390: Enable all facility bits that are known good for passthrough\n (bsc#1076805).\n - kvm: s390: wire up bpb feature (bsc#1076805).\n - kvm: VMX: Fix enable VPID conditions (bnc#1012382).\n - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382).\n - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382 bsc#1068032).\n - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382).\n - kvm: x86: correct async page present tracepoint (bnc#1012382).\n - kvm: x86: Exit to user-mode on #UD intercept when emulator requires\n (bnc#1012382).\n - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382).\n - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382).\n - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382).\n - kvm: x86: pvclock: Handle first-time write to pvclock-page contains\n random junk (bnc#1012382).\n - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382).\n - lan78xx: Fix failure in USB Full Speed 
(bnc#1012382).\n - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices\n (bnc#1012382).\n - libata: drop WARN from protocol error in ata_sff_qc_issue()\n (bnc#1012382).\n - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382).\n - macvlan: Only deliver one copy of the frame to the macvlan interface\n (bnc#1012382).\n - md: more open-coded offset_in_page() (bsc#1076110).\n - media: dvb: i2c transfers over usb cannot be done from stack\n (bnc#1012382).\n - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382).\n - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382).\n - mfd: twl6040: Fix child-node lookup (bnc#1012382).\n - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).\n - mlxsw: reg: Fix SPVM max record count (bnc#1012382).\n - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers\n (bnc#1012382).\n - mmc: core: Do not leave the block driver in a suspended state\n (bnc#1012382).\n - mmc: mediatek: Fixed bug where clock frequency could be set wrong\n (bnc#1012382).\n - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382).\n - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382).\n - mm/mprotect: add a cond_resched() inside change_pmd_range()\n (bnc#1077871, bnc#1078002).\n - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP\n (bnc#1012382).\n - module: Add retpoline tag to VERMAGIC (bnc#1012382).\n - module: set __jump_table alignment to 8 (bnc#1012382).\n - more bio_map_user_iov() leak fixes (bnc#1012382).\n - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382).\n - net: Allow neigh contructor functions ability to modify the primary_key\n (bnc#1012382).\n - net/appletalk: Fix kernel memory disclosure (bnc#1012382).\n - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382).\n - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values\n (bnc#1012382).\n - net: bcmgenet: power down internal phy if open or resume fails\n (bnc#1012382).\n 
- net: bcmgenet: Power up the internal PHY before probing the MII\n (bnc#1012382).\n - net: bcmgenet: reserved phy revisions must be checked first\n (bnc#1012382).\n - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink\n leaks (bnc#1012382).\n - net: core: fix module type in sock_diag_bind (bnc#1012382).\n - net: Do not allow negative values for busy_read and busy_poll sysctl\n interfaces (bnc#1012382).\n - net: fec: fix multicast filtering hardware setup (bnc#1012382).\n - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382).\n - netfilter: do not track fragmented packets (bnc#1012382).\n - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382).\n - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382).\n - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134).\n - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash\n table (bnc#1012382).\n - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).\n - netfilter: nfnl_cthelper: fix runtime expectation policy updates\n (bnc#1012382).\n - net: Fix double free and memory corruption in get_net_ns_by_id()\n (bnc#1012382).\n - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382).\n - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382).\n - net: initialize msg.msg_flags in recvfrom (bnc#1012382).\n - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382).\n - netlink: add a start callback for starting a netlink dump (bnc#1012382).\n - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y\n (bnc#1012382).\n - net/mlx5: Avoid NULL pointer dereference on steering cleanup\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Cleanup IRQs in case of unload failure (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Add refcount to VXLAN structure (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Fix ETS BW check (bsc#966170 FATE#320225 
bsc#966172\n FATE#320226).\n - net/mlx5e: Fix features check of IPv6 traffic (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare\n (bsc#1015342).\n - net/mlx5e: Fix possible deadlock of VXLAN lock (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Prevent possible races in VXLAN control flow (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Fix error flow in CREATE_QP command (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - net/mlx5: Fix rate limit packet pacing naming and struct (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Stay in polling mode when command EQ destroy fails (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382).\n - net: mvneta: clear interface link status on port disable (bnc#1012382).\n - net: mvneta: eliminate wrong call to handle rx descriptor error\n (fate#319899).\n - net: mvneta: use proper rxq_number in loop on rx queues (fate#319899).\n - net/packet: fix a race in packet_bind() and packet_notifier()\n (bnc#1012382).\n - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382).\n - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg\n workaround (bnc#1012382).\n - net: qdisc_pkt_len_init() should be more robust (bnc#1012382).\n - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382).\n - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4\n (bnc#1012382).\n - net: reevalulate autoflowlabel setting after sysctl setting\n (bnc#1012382).\n - net: Resend IGMP memberships upon peer notification (bnc#1012382).\n - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382).\n - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382).\n - net: systemport: Pad packet before inserting TSB (bnc#1012382).\n - net: systemport: Utilize skb_put_padto() (bnc#1012382).\n - net: tcp: close sock if net 
namespace is exiting (bnc#1012382).\n - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382).\n - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382).\n - nfsd: Fix another OPEN stateid race (bnc#1012382).\n - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382).\n - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382).\n - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382).\n - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382).\n - nfs: Do not take a reference on fl->fl_file for LOCK operation\n (bnc#1012382).\n - nfs: Fix a typo in nfs_rename() (bnc#1012382).\n - nfs: improve shinking of access cache (bsc#1012917).\n - nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382).\n - nfsv4: Fix client recovery when server reboots multiple times\n (bnc#1012382).\n - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()\n (bnc#1012382).\n - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)\n (bnc#1012382).\n - nvme_fc: correct hang in nvme_ns_remove() (bsc#1075811).\n - nvme_fc: fix rogue admin cmds stalling teardown (bsc#1075811).\n - nvme-pci: Remove watchdog timer (bsc#1066163).\n - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382).\n - packet: fix crash in fanout_demux_rollover() (bnc#1012382).\n - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel\n (bnc#1012382).\n - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382).\n - partially revert tipc improve link resiliency when rps is activated\n (bsc#1068038).\n - pci/AER: Report non-fatal errors only to the affected endpoint\n (bnc#1012382).\n - pci: Avoid bus reset if bridge itself is broken (bnc#1012382).\n - pci: Create SR-IOV virtfn/physfn links before attaching driver\n (bnc#1012382).\n - pci: Detach driver before procfs & sysfs teardown on device remove\n (bnc#1012382).\n - pci/PME: Handle invalid data when reading Root Status (bnc#1012382).\n - pci / PM: Force devices to 
D0 in pci_pm_thaw_noirq() (bnc#1012382).\n - perf symbols: Fix symbols__fixup_end heuristic for corner cases\n (bnc#1012382).\n - perf test attr: Fix ignored test case result (bnc#1012382).\n - phy: work around 'phys' references to usb-nop-xceiv devices\n (bnc#1012382).\n - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).\n - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382).\n - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1075087).\n - powerpc/ipic: Fix status get and status clear (bnc#1012382).\n - powerpc/perf: Dereference BHRB entries safely (bsc#1066223).\n - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382).\n - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo\n (bnc#1012382).\n - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested\n (bnc#1012382).\n - powerpc/pseries: include 
linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: prevent crash when changing flush type to fallback\n after system boot (bsc#1068032, bsc#1075087).\n - ppp: Destroy the mutex when cleanup (bnc#1012382).\n - pppoe: take ->needed_headroom of lower device into account on xmit\n (bnc#1012382).\n - pti: unbreak EFI (bsc#1074709).\n - r8152: fix the list rx_done may be used without initialization\n (bnc#1012382).\n - r8152: prevent the driver from transmitting packets with carrier off\n (bnc#1012382).\n - r8169: fix memory corruption on retrieval of hardware statistics\n (bnc#1012382).\n - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382).\n - ravb: Remove Rx overflow log messages (bnc#1012382).\n - rbd: set max_segments to USHRT_MAX (bnc#1012382).\n - rdma/cma: Avoid triggering undefined behavior (bnc#1012382).\n - rdma/i40iw: Remove MSS change support (bsc#1024376 FATE#321249).\n - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382).\n - rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382).\n - rds: null pointer dereference in rds_atomic_free_op (bnc#1012382).\n - Re-enable fixup detection by CPU type in case hypervisor call fails.\n - regulator: core: Rely on regulator_dev_release to free constraints\n (bsc#1074847).\n - regulator: da9063: 
Return an error code on probe failure (bsc#1074847).\n - regulator: pwm: Fix regulator ramp delay for continuous mode\n (bsc#1074847).\n - regulator: Try to resolve regulators supplies on registration\n (bsc#1074847).\n - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"\n (bnc#1012382).\n - Revert "drm/armada: Fix compile fail" (bnc#1012382).\n - Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382).\n - Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi).\n - Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi).\n - Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi).\n - Revert "module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi).\n - Revert "module: Add retpoline tag to VERMAGIC" (kabi).\n - Revert "netlink: add a start callback for starting a netlink dump"\n (kabi).\n - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"\n (bnc#1012382).\n - Revert "Re-enable fixup detection by CPU type in case hypervisor call\n fails." 
The firmware update is required for the existing instructions to\n also do the cache flush.\n - Revert "s390/kbuild: enable modversions for symbols exported from asm"\n (bnc#1012382).\n - Revert "sched/deadline: Use the revised wakeup rule for suspending\n constrained dl tasks" (kabi).\n - Revert "scsi: libsas: align sata_device's rps_resp on a cacheline"\n (kabi).\n - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382).\n - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"\n (bnc#1012382).\n - Revert "x86/efi: Build our own page table structures" (bnc#1012382).\n - Revert "x86/efi: Hoist page table switching code into efi_call_virt()"\n (bnc#1012382).\n - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"\n (bnc#1012382).\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087).\n - ring-buffer: Mask out the info bits when returning buffer page length\n (bnc#1012382).\n - route: also update fnhe_genid when updating a route cache (bnc#1012382).\n - route: update fnhe_expires for redirect when the fnhe exists\n (bnc#1012382).\n - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592).\n - rtc: pcf8563: fix output clock rate (bnc#1012382).\n - rtc: pl031: make interrupt optional (bnc#1012382).\n - rtc: set the alarm to the next expiring timer (bnc#1012382).\n - s390: always save and restore all registers on context switch\n (bnc#1012382).\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847,\n LTC#163740).\n - s390: fix compat system call table (bnc#1012382).\n - s390/pci: do not require AIS facility (bnc#1012382).\n - s390/qeth: no ETH header for outbound AF_IUCV (LTC#156276 bnc#1012382\n bnc#1053472).\n - s390/runtime instrumentation: simplify task exit handling (bnc#1012382).\n - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382).\n - sched/deadline: Make sure the replenishment timer fires in the next\n period (bnc#1012382).\n - sched/deadline: Throttle a 
constrained deadline task activated after the\n deadline (bnc#1012382).\n - sched/deadline: Use deadline instead of period when calculating overflow\n (bnc#1012382).\n - sched/deadline: Use the revised wakeup rule for suspending constrained\n dl tasks (bnc#1012382).\n - sched/deadline: Zero out positive runtime after throttling constrained\n tasks (git-fixes).\n - sched/rt: Do not pull from current CPU if only one CPU to pull\n (bnc#1022476).\n - scsi: bfa: integer overflow in debugfs (bnc#1012382).\n - scsi: cxgb4i: fix Tx skb leak (bnc#1012382).\n - scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS (bsc#1069138).\n - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading\n (bnc#1012382).\n - scsi: hpsa: destroy sas transport properties before scsi_host\n (bnc#1012382).\n - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382).\n - scsi: lpfc: Use after free in lpfc_rq_buf_free() (bsc#1037838).\n - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1\n volume created on two SATA drive (bnc#1012382).\n - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382).\n - scsi: sd: change manage_start_stop to bool in sysfs interface\n (bnc#1012382).\n - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382).\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n - sctp: do not allow the v4 socket to bind a v4mapped v6 address\n (bnc#1012382).\n - sctp: do not free asoc when it is already dead in sctp_sendmsg\n (bnc#1012382).\n - sctp: Replace use of sockets_allocated with specified macro\n (bnc#1012382).\n - sctp: return error if the asoc has been peeled off in\n sctp_wait_for_sndbuf (bnc#1012382).\n - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382).\n - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382).\n - selftests/x86: Add test_vsyscall (bnc#1012382).\n - selftests/x86/ldt_get: Add a few additional tests for limits\n (bnc#1012382).\n - serial: 8250_pci: Add Amazon 
PCI serial device ID (bnc#1012382).\n - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382).\n - series.conf: move core networking (including netfilter) into sorted\n section\n - series.conf: whitespace cleanup\n - Set supported_modules_check 1 (bsc#1072163).\n - sfc: do not warn on successful change of MAC (bnc#1012382).\n - sh_eth: fix SH7757 GEther initialization (bnc#1012382).\n - sh_eth: fix TSU resource handling (bnc#1012382).\n - sit: update frag_off info (bnc#1012382).\n - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382).\n - sparc64/mm: set fields in deferred pages (bnc#1012382).\n - spi_ks8995: fix "BUG: key accdaa28 not in .data!" (bnc#1012382).\n - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382).\n - spi: xilinx: Detect stall with Unknown commands (bnc#1012382).\n - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl\n (bnc#1012382).\n - sunrpc: add auth_unix hash_cred() function (bsc#1012917).\n - sunrpc: add generic_auth hash_cred() function (bsc#1012917).\n - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917).\n - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917).\n - sunrpc: Fix rpc_task_begin trace point (bnc#1012382).\n - sunrpc: replace generic auth_cred hash with auth-specific function\n (bsc#1012917).\n - sunrpc: use supplimental groups in auth hash (bsc#1012917).\n - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - sysrq : fix Show Regs call trace on ARM (bnc#1012382).\n - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK\n (bnc#1012382).\n - target/file: Do not return error for UNMAP if length is zero\n (bnc#1012382).\n - target: fix ALUA transition timeout handling (bnc#1012382).\n - target:fix condition return in 
core_pr_dump_initiator_port()\n (bnc#1012382).\n - target: fix race during implicit transition work flushes (bnc#1012382).\n - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()\n (bnc#1012382).\n - target: Use system workqueue for ALUA transitions (bnc#1012382).\n - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382).\n - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382).\n - tcp md5sig: Use skb's saddr when replying to an incoming segment\n (bnc#1012382).\n - tcp: __tcp_hdrlen() helper (bnc#1012382).\n - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382).\n - thermal/drivers/step_wise: Fix temperature regulation misbehavior\n (bnc#1012382).\n - thermal: hisilicon: Handle return value of clk_prepare_enable\n (bnc#1012382).\n - tipc: fix cleanup at module unload (bnc#1012382).\n - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382).\n - tipc: improve link resiliency when rps is activated (bsc#1068038).\n - tracing: Allocate mask_str buffer dynamically (bnc#1012382).\n - tracing: Fix converting enum's from the map in trace_event_eval_update()\n (bnc#1012382).\n - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382).\n - tracing: Fix possible double free on failure of allocating trace buffer\n (bnc#1012382).\n - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382).\n - tty fix oops when rmmod 8250 (bnc#1012382).\n - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382).\n - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382).\n - udf: Avoid overflow when session starts at large offset (bnc#1012382).\n - um: link vmlinux with -no-pie (bnc#1012382).\n - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382).\n - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382).\n - usb: core: Add type-specific length check of BOS descriptors\n (bnc#1012382).\n - usb: core: prevent malicious bNumInterfaces overflow (bnc#1012382).\n - usb: 
devio: Prevent integer overflow in proc_do_submiturb()\n (bnc#1012382).\n - usb: Fix off by one in type-specific length check of BOS SSP capability\n (git-fixes).\n - usb: fix usbmon BUG trigger (bnc#1012382).\n - usb: gadget: configs: plug memory leak (bnc#1012382).\n - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping\n (bnc#1012382).\n - usb: gadgetfs: Fix a potential memory leak in 'dev_config()'\n (bnc#1012382).\n - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed\n (bnc#1012382).\n - usb: gadget: udc: remove pointer dereference after free (bnc#1012382).\n - usb: hub: Cycle HUB power when initialization fails (bnc#1012382).\n - usb: Increase usbfs transfer limit (bnc#1012382).\n - usbip: Fix implicit fallthrough warning (bnc#1012382).\n - usbip: Fix potential format overflow in userspace tools (bnc#1012382).\n - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382).\n - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input\n (bnc#1012382).\n - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer\n (bnc#1012382).\n - usbip: fix usbip bind writing random string after command in match_busid\n (bnc#1012382).\n - usbip: prevent leaking socket pointer address in messages (bnc#1012382).\n - usbip: prevent vhci_hcd driver from leaking a socket pointer address\n (bnc#1012382).\n - usbip: remove kernel addresses from usb device and urb debug msgs\n (bnc#1012382).\n - usbip: stub: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - usbip: vhci: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - usb: misc: usb3503: make sure reset is low for at least 100us\n (bnc#1012382).\n - usb: musb: da8xx: fix babble condition handling (bnc#1012382).\n - usb: phy: isp1301: Add OF device ID table (bnc#1012382).\n - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled\n (git-fixes).\n - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382).\n 
- usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub\n (bnc#1012382).\n - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ\n (bnc#1012382).\n - usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382).\n - usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382).\n - usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382).\n - usb: serial: option: add Quectel BG96 id (bnc#1012382).\n - usb: serial: option: add support for Telit ME910 PID 0x1101\n (bnc#1012382).\n - usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382).\n - usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID\n (bnc#1012382).\n - usb: usbfs: Filter flags passed in from user space (bnc#1012382).\n - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382).\n - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382).\n - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382).\n - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382).\n - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382).\n - video: fbdev: au1200fb: Release some resources if a memory allocation\n fails (bnc#1012382).\n - video: fbdev: au1200fb: Return an error code if a memory allocation\n fails (bnc#1012382).\n - virtio: release virtio index when fail to device_register (bnc#1012382).\n - vmxnet3: repair memory leak (bnc#1012382).\n - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382).\n - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend\n (bnc#1012382).\n - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382).\n - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382).\n - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq\n (bnc#1012382).\n - writeback: fix memory leak in wb_queue_work() (bnc#1012382).\n - x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078).\n - x509: fix printing 
uninitialized stack memory when OID is empty\n (bsc#1075078).\n - x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382).\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86/alternatives: Add missing '\\n' at end of ALTERNATIVE inline asm\n (bnc#1012382).\n - x86/alternatives: Fix optimize_nops() checking (bnc#1012382).\n - x86/apic/vector: Fix off by one in error path (bnc#1012382).\n - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels\n (bnc#1012382).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu: Factor out application of forced CPU caps (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).\n - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).\n - x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025).\n - x86/cpu: Rename "WESTMERE2" family to "NEHALEM_G" (bsc#985025).\n - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382).\n - x86/Documentation: Add PTI description (bnc#1012382).\n - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382).\n - x86/efi: Build our own page table structures (fate#320512).\n - x86/efi: Hoist page table switching code into efi_call_virt()\n (fate#320512).\n - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()\n (bnc#1012382).\n - x86/hpet: Prevent might sleep splat on resume (bnc#1012382).\n - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382).\n - x86/kasan: Write protect kasan zero shadow (bnc#1012382).\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bnc#1012382).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n 
(bnc#1012382).\n - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier\n (git-fixes).\n - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382).\n - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers\n (fate#320588).\n - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382).\n - x86/pti: Document fix wrong index (bnc#1012382).\n - x86/pti/efi: broken conversion from efi to kernel page table\n (bnc#1012382).\n - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382).\n - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()\n (bnc#1012382).\n - xen-netfront: avoid crashing on resume after a failure in\n talk_to_netback() (bnc#1012382).\n - xen-netfront: Improve error handling during initialization (bnc#1012382).\n - xfrm: Copy policy family in clone_policy (bnc#1012382).\n - xfs: add configurable error support to metadata buffers (bsc#1068569).\n - xfs: add configuration handlers for specific errors (bsc#1068569).\n - xfs: add configuration of error failure speed (bsc#1068569).\n - xfs: add "fail at unmount" error handling configuration (bsc#1068569).\n - xfs: Add infrastructure needed for error propagation during buffer IO\n failure (bsc#1068569).\n - xfs: address kabi for xfs buffer retry infrastructure (kabi).\n - xfs: configurable error behavior via sysfs (bsc#1068569).\n - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real\n (bnc#1012382).\n - xfs: fix log block underflow during recovery cycle verification\n (bnc#1012382).\n - xfs: fix up inode32/64 (re)mount handling (bsc#1069160).\n - xfs: 
introduce metadata IO error class (bsc#1068569).\n - xfs: introduce table-based init for error behaviors (bsc#1068569).\n - xfs: Properly retry failed inode items in case of error during buffer\n writeback (bsc#1068569).\n - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569).\n - xhci: Do not add a virt_dev to the devs array before it's fully\n allocated (bnc#1012382).\n - xhci: Fix ring leak in failure path of xhci_alloc_virt_device()\n (bnc#1012382).\n - xhci: plat: Register shutdown for xhci_plat (bnc#1012382).\n - zram: set physical queue limits to avoid array out of bounds accesses\n (bnc#1012382).\n - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382).\n\n", "edition": 1, "modified": "2018-02-07T18:08:53", "published": "2018-02-07T18:08:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html", "id": "SUSE-SU-2018:0383-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-29T16:46:58", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18079", "CVE-2017-13215", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2015-1142857", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017"], "description": "The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a\n side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's\n assigned to guests to send ethernet flow control pause frames via 
the\n PF. This includes Linux kernel ixgbe driver, i40e/i40evf driver and the\n DPDK, additionally multiple vendor NIC firmware is affected\n (bnc#1077355).\n - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream\n kernel skcipher. (bnc#1075908).\n - CVE-2017-17741: The KVM implementation in the Linux kernel allowed\n attackers to obtain potentially sensitive information from kernel\n memory, aka a write_mmio stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption) or\n possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed\n attackers to cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact because the\n port->exists value can change after it is validated (bnc#1077922).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n exists in the sound system, this can lead to a deadlock and denial of\n service condition (bnc#1076017).\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: In the Linux kernel rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n\n The following non-security bugs were fixed:\n\n - Add proper NX hadnling for !NX-capable systems also to\n kaiser_add_user_map(). 
(bsc#1076278).\n - alsa: aloop: Fix inconsistent format due to incomplete rule\n (bsc#1045538).\n - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).\n - alsa: aloop: Release cable upon open error path (bsc#1045538).\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops\n (bsc#1045538).\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder\n (bsc#1045538).\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops\n (bsc#1045538).\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).\n - btrfs: cleanup unnecessary assignment when cleaning up all the residual\n transaction (FATE#325056).\n - btrfs: copy fsid to super_block s_uuid (bsc#1080774).\n - btrfs: do not wait for all the writers circularly during the transaction\n commit (FATE#325056).\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors\n (bsc#1080363).\n - btrfs: fix two use-after-free bugs with transaction cleanup\n (FATE#325056).\n - btrfs: make the state of the transaction more readable (FATE#325056).\n - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).\n - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value\n (bsc#1080685).\n - btrfs: reset intwrite on transaction abort (FATE#325056).\n - btrfs: set qgroup_ulist to be null after calling ulist_free()\n (bsc#1080359).\n - btrfs: stop waiting on current trans if we aborted (FATE#325056).\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - cdrom: factor out common open_for_* code (bsc#1048585).\n - cdrom: wait for tray to close (bsc#1048585).\n - delay: add poll_event_interruptible (bsc#1048585).\n - dm flakey: add corrupt_bio_byte feature (bsc#1080372).\n - dm flakey: add drop_writes (bsc#1080372).\n - dm flakey: error READ bios during the down_interval (bsc#1080372).\n - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).\n - dm flakey: fix 
reads to be issued if drop_writes configured\n (bsc#1080372).\n - dm flakey: introduce "error_writes" feature (bsc#1080372).\n - dm flakey: support feature args (bsc#1080372).\n - dm flakey: use dm_target_offset and support discards (bsc#1080372).\n - ext2: free memory allocated and forget buffer head when io error happens\n (bnc#1069508).\n - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n - ext3: add necessary check in case IO error happens (bnc#1069508).\n - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n - fork: clear thread stack upon allocation (bsc#1077560).\n - kabi/severities ignore Cell-specific symbols\n - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz\n - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call\n cannot make assumption of accessible stack after CR3 switch, and\n therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the\n pagetable hierarchy.\n - kaiser: Fix trampoline stack loading issue on XEN PV\n - kaiser: handle non-accessible stack in sysretl_from_sys_call properly\n (bsc#bsc#1080579)\n - kaiser: make sure not to touch stack after CR3 switch in compat syscall\n return\n - kaiser: really do switch away from trampoline stack to kernel stack in\n ia32_syscall entry (bsc#1080579)\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - keys: trusted: fix writing past end of buffer in trusted_read()\n (bsc#1074880).\n - media: omap_vout: Fix a possible null pointer dereference in\n omap_vout_open() (bsc#1050431).\n - mISDN: fix a loop count (bsc#1077191).\n - mm: pin address_space before dereferencing it while isolating an LRU\n page (bnc#1081500).\n - nfsd: do not share group_info among threads (bsc@1070623).\n - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert\n thread (bsc#1076437).\n - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can\n not be granted at once 
(bsc#1076437).\n - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with\n ocfs2_unblock_lock (bsc#962257).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n (bsc#1068032, bsc#1075088).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1075088).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1075088).\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1075088).\n - powerpc: Fix register clobbering when accumulating stolen time\n (bsc#1059174).\n - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).\n - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).\n - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619,\n git-fixes).\n - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).\n - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: Kill all prefetch streams on context switch\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: rfi-flush: Call 
setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1075088).\n - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1075088).\n - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1075088).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1075088).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1075088).\n - powerpc/vdso64: Use double word compare on pointers (bsc#1070781).\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).\n - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).\n - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1075088).\n - rfi-flush: Switch to new linear fallback flush (bsc#1068032,\n bsc#1075088).\n - s390: add ppa to the idle loop (bnc#1077406, LTC#163910).\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,\n LTC#163741).\n - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n - scsi: virtio_scsi: let host do exception handling\n (bsc#936530,bsc#1060682).\n - storvsc: do not assume SG list is continuous when doing bounce buffers\n (bsc#1075410).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - Update config files: enable CPU vulnerabilities reporting via sysfs\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in 
mp_override_legacy_irq()\n (bsc#1068984).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu: Factor out application of forced CPU caps (bsc#1075994\n bsc#1075091).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).\n - x86/kaiser: Populate shadow PGD with NX bit only if supported by\n platform (bsc#1076154 bsc#1076278).\n - x86/kaiser: use trampoline stack for kernel entry.\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bsc#1054305).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n (bsc#1054305).\n - x86/microcode: Rescan feature flags upon late loading (bsc#1075994\n bsc#1075091).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly\n (bsc#1075994 bsc#1075091).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n\n", "edition": 1, "modified": "2018-03-29T15:07:44", "published": "2018-03-29T15:07:44", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html", "id": "SUSE-SU-2018:0841-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-09T18:54:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17862", "CVE-2017-15129", "CVE-2017-17712", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017", "CVE-2017-17864"], "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution 
and indirect branch prediction may allow unauthorized\n disclosure\n of information to an attacker with local user access via a side-channel\n analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores\n unreachable code, even though it would still be processed by JIT\n compilers. This behavior, also considered an improper branch-pruning\n logic issue, could possibly be used by local users for denial of service\n (bnc#1073928).\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled\n states_equal comparisons between the pointer data type and the\n UNKNOWN_VALUE data type, which allowed local users to obtain potentially\n sensitive address information, aka a "pointer leak" (bnc#1073928).\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the\n Linux kernel had a race condition in inet->hdrincl that led to\n uninitialized stack pointer usage; this allowed a local user to execute\n code and gain privileges (bnc#1073229 1073230).\n - CVE-2017-15129: A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel. The function\n get_net_ns_by_id() in net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in netns_ids idr,\n which could lead to double free and memory corruption. 
This\n vulnerability could allow an unprivileged local user to induce kernel\n memory corruption on the system, leading to a crash. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled out, although it\n is thought to be unlikely (bnc#1074839).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption)\n or possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2018-1000004: In the Linux kernel a race condition\n vulnerability existed in the sound system; this can lead to a deadlock\n and denial of service condition (bnc#1076017).\n\n The following non-security bugs were fixed:\n\n - 509: fix printing uninitialized stack memory when OID is empty\n (bsc#1075078).\n - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382).\n - acpi / scan: Prefer devices without _HID/_CID for _ADR matching\n (bnc#1012382).\n - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382).\n - af_key: fix buffer overread in verify_address_len() (bnc#1012382).\n - afs: Adjust mode bits processing (bnc#1012382).\n - afs: Connect up the CB.ProbeUuid (bnc#1012382).\n - afs: Fix afs_kill_pages() (bnc#1012382).\n - afs: Fix missing put_page() (bnc#1012382).\n - afs: Fix page leak in afs_write_begin() (bnc#1012382).\n - afs: Fix the maths in afs_fs_store_data() (bnc#1012382).\n - afs: Flush outstanding writes when an fd is closed (bnc#1012382).\n - afs: Migrate vlocation fields to 64-bit (bnc#1012382).\n - afs: Populate and use client modification time (bnc#1012382).\n - afs: Populate group ID from vnode status (bnc#1012382).\n - afs: Prevent callback expiry timer overflow (bnc#1012382).\n - alpha: fix build failures (bnc#1012382).\n - alsa: aloop: Fix inconsistent format due to incomplete rule\n (bsc#1031717).\n - alsa: aloop: Fix racy hw constraints 
adjustment (bsc#1031717).\n - alsa: aloop: Release cable upon open error path (bsc#1031717).\n - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant\n (bsc#1031717).\n - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717).\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder\n (bsc#1031717).\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717).\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717).\n - arc: uaccess: dont use "l" gcc inline asm constraint modifier\n (bnc#1012382).\n - arm64: Add skeleton to harden the branch predictor against aliasing\n attacks (bsc#1068032).\n - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032).\n - arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032).\n - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032).\n - arm64: cpufeature: Pass capability structure to ->enable callback\n (bsc#1068032).\n - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032).\n - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75\n (bsc#1068032).\n - arm64: debug: remove unused local_dbg_{enable, disable} macros\n (bsc#1068032).\n - arm64: Define cputype macros for Falkor CPU (bsc#1068032).\n - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032).\n - arm64: Do not force KPTI for CPUs that are not vulnerable (bsc#1076187).\n - arm64: do not pull uaccess.h into *.S (bsc#1068032).\n - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: entry: Add exception trampoline page for exceptions from EL0\n (bsc#1068032).\n - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0\n (bsc#1068032).\n - arm64: entry: Explicitly pass exception level to kernel_ventry macro\n (bsc#1068032).\n - arm64: entry: 
Hook up entry trampoline to exception vectors\n (bsc#1068032).\n - arm64: entry: remove pointless SPSR mode check (bsc#1068032).\n - arm64: entry.S convert el0_sync (bsc#1068032).\n - arm64: entry.S: convert el1_sync (bsc#1068032).\n - arm64: entry.S: convert elX_irq (bsc#1068032).\n - arm64: entry.S: move SError handling into a C function for future\n expansion (bsc#1068032).\n - arm64: entry.S: Remove disable_dbg (bsc#1068032).\n - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code\n (bsc#1068032).\n - arm64: explicitly mask all exceptions (bsc#1068032).\n - arm64: factor out entry stack manipulation (bsc#1068032).\n - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032).\n - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros\n (bsc#1068032).\n - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm\n macro (bsc#1068032).\n - arm64: factor work_pending state machine to C (bsc#1068032).\n - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382).\n - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032).\n - arm64: Handle faults caused by inadvertent user access with PAN enabled\n (bsc#1068032).\n - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032).\n - arm64: Implement branch predictor hardening for affected Cortex-A CPUs\n (bsc#1068032).\n - arm64: Implement branch predictor hardening for Falkor (bsc#1068032).\n - arm64: Initialise high_memory global variable earlier (bnc#1012382).\n - arm64: introduce an order for exceptions (bsc#1068032).\n - arm64: introduce mov_q macro to move a constant into a 64-bit register\n (bsc#1068032).\n - arm64: Introduce uaccess_{disable,enable} functionality based on\n TTBR0_EL1 (bsc#1068032).\n - arm64: kaslr: Put kernel vectors address in separate data page\n (bsc#1068032).\n - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032).\n - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry 
(bsc#1068032).\n - arm64: kill ESR_LNX_EXEC (bsc#1068032).\n - arm64: kpti: Fix the interaction between ASID switching and software PAN\n (bsc#1068032).\n - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls\n (bsc#1076232).\n - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm64: KVM: Make PSCI_VERSION a fast path (bsc#1068032).\n - arm64: KVM: Use per-CPU vector when BP hardening is enabled\n (bsc#1068032).\n - arm64: Mask all exceptions during kernel_exit (bsc#1068032).\n - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032).\n - arm64: mm: Allocate ASIDs in pairs (bsc#1068032).\n - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: hardcode rodata=true (bsc#1068032).\n - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR\n (bsc#1068032).\n - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI\n (bsc#1068032).\n - arm64: mm: Map entry trampoline into trampoline and kernel page tables\n (bsc#1068032).\n - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032).\n - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003\n (bsc#1068032).\n - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032).\n - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: Use non-global mappings for kernel space (bsc#1068032).\n - arm64: Move BP hardening to check_and_switch_context (bsc#1068032).\n - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032).\n - arm64: Move the async/fiq helpers to explicitly set process context\n flags (bsc#1068032).\n - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to\n init_mm (bsc#1068032).\n - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032).\n - arm64: swp emulation: bound LL/SC retries before rescheduling\n (bsc#1068032).\n - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg\n (bsc#1068032).\n - arm64: Take into account 
ID_AA64PFR0_EL1.CSV3 (bsc#1068032).\n - arm64: thunderx2: remove branch predictor hardening References:\n bsc#1076232 This causes undefined instruction abort on the smc call from\n guest kernel. Disable until kvm is fixed.\n - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks\n (bsc#1068032).\n - arm64: Turn on KPTI only on CPUs that need it (bsc#1076187).\n - arm64: use alternative auto-nop (bsc#1068032).\n - arm64: use RET instruction for exiting the trampoline (bsc#1068032).\n - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032).\n - arm/arm64: KVM: Make default HYP mappings non-excutable (bsc#1068032).\n - arm: avoid faulting on qemu (bnc#1012382).\n - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382).\n - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382).\n - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed\n memory (bnc#1012382).\n - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382).\n - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7\n (bnc#1012382).\n - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382).\n - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382).\n - arm: kprobes: Fix the return address of multiple kretprobes\n (bnc#1012382).\n - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382).\n - arm: OMAP2+: Fix device node reference counts (bnc#1012382).\n - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure\n (bnc#1012382).\n - arm: OMAP2+: Release device node after it is no longer needed\n (bnc#1012382).\n - asm-prototypes: Clear any CPP defines before declaring the functions\n (git-fixes).\n - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382).\n - asn.1: fix out-of-bounds read when parsing indefinite length item\n (bnc#1012382).\n - ath9k: fix tx99 potential info leak 
(bnc#1012382).\n - atm: horizon: Fix irq release error (bnc#1012382).\n - audit: ensure that 'audit=1' actually enables audit for PID 1\n (bnc#1012382).\n - axonram: Fix gendisk handling (bnc#1012382).\n - backlight: pwm_bl: Fix overflow condition (bnc#1012382).\n - bcache: add a comment in journal bucket reading (bsc#1076110).\n - bcache: Avoid nested function definition (bsc#1076110).\n - bcache: bch_allocator_thread() is not freezable (bsc#1076110).\n - bcache: bch_writeback_thread() is not freezable (bsc#1076110).\n - bcache: check return value of register_shrinker (bsc#1076110).\n - bcache: documentation formatting, edited for clarity, stripe alignment\n notes (bsc#1076110).\n - bcache: documentation updates and corrections (bsc#1076110).\n - bcache: Do not reinvent the wheel but use existing llist API\n (bsc#1076110).\n - bcache: do not write back data if reading it failed (bsc#1076110).\n - bcache: explicitly destroy mutex while exiting (bnc#1012382).\n - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).\n - bcache: fix sequential large write IO bypass (bsc#1076110).\n - bcache: fix wrong cache_misses statistics (bnc#1012382).\n - bcache: gc does not work when triggering by manual command (bsc#1076110,\n bsc#1038078).\n - bcache: implement PI controller for writeback rate (bsc#1076110).\n - bcache: increase the number of open buckets (bsc#1076110).\n - bcache: only permit to recovery read error when cache device is clean\n (bnc#1012382 bsc#1043652).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1076110, bsc#1019784).\n - bcache: rearrange writeback main thread ratelimit (bsc#1076110).\n - bcache: recover data from backing when data is clean (bnc#1012382\n bsc#1043652).\n - bcache: Remove redundant set_capacity (bsc#1076110).\n - bcache: remove unused parameter (bsc#1076110).\n - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085).\n - bcache: safeguard a dangerous addressing in closure_queue 
(bsc#1076110).\n - bcache: silence static checker warning (bsc#1076110).\n - bcache: smooth writeback rate control (bsc#1076110).\n - bcache.txt: standardize document format (bsc#1076110).\n - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints\n (bsc#1076110).\n - bcache: update bucket_in_use in real time (bsc#1076110).\n - bcache: Update continue_at() documentation (bsc#1076110).\n - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).\n - bcache: use llist_for_each_entry_safe() in __closure_wake_up()\n (bsc#1076110).\n - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).\n - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).\n - be2net: restore properly promisc mode after queues reconfiguration\n (bsc#963844 FATE#320192).\n - block: wake up all tasks blocked in get_request() (bnc#1012382).\n - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382).\n - bnx2x: do not rollback VF MAC/VLAN filters we did not configure\n (bnc#1012382).\n - bnx2x: fix possible overrun of VFPF multicast addresses array\n (bnc#1012382).\n - bnx2x: prevent crash when accessing PTP with interface down\n (bnc#1012382).\n - btrfs: add missing memset while reading compressed inline extents\n (bnc#1012382).\n - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once\n (bnc#1012382).\n - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).\n - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: gs_usb: fix return value of the "set_bittiming" callback\n (bnc#1012382).\n - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()\n (bnc#1012382).\n - can: kvaser_usb: free buf in error paths (bnc#1012382).\n - can: kvaser_usb: ratelimit errors if incomplete messages are received\n (bnc#1012382).\n - can: peak: fix potential bug in 
packet fragmentation (bnc#1012382).\n - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382).\n - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - cdrom: factor out common open_for_* code (bsc#1048585).\n - cdrom: wait for tray to close (bsc#1048585).\n - ceph: more accurate statfs (bsc#1077068).\n - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o\n VPU (bnc#1012382).\n - clk: mediatek: add the option for determining PLL source clock\n (bnc#1012382).\n - clk: tegra: Fix cclk_lp divisor register (bnc#1012382).\n - config: arm64: enable HARDEN_BRANCH_PREDICTOR\n - config: arm64: enable UNMAP_KERNEL_AT_EL0\n - cpuidle: fix broadcast control when broadcast can not be entered\n (bnc#1012382).\n - cpuidle: powernv: Pass correct drv->cpumask for registration\n (bnc#1012382).\n - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382).\n - crypto: algapi - fix NULL dereference in crypto_remove_spawns()\n (bnc#1012382).\n - crypto: chacha20poly1305 - validate the digest size (bnc#1012382).\n - crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325).\n - crypto: crypto4xx - increase context and scatter ring buffer elements\n (bnc#1012382).\n - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex\n (bnc#1012382).\n - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382).\n - crypto: n2 - cure use after free (bnc#1012382).\n - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382).\n - crypto: s5p-sss - Fix completing crypto request in IRQ handler\n (bnc#1012382).\n - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382).\n - cxl: Check if vphb exists before iterating over AFU devices\n (bsc#1066223).\n - dax: Pass detailed error code from __dax_fault() (bsc#1072484).\n - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state\n (bnc#1012382).\n - delay: add poll_event_interruptible (bsc#1048585).\n - 
dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704).\n - dmaengine: dmatest: move callback wait queue to thread context\n (bnc#1012382).\n - dmaengine: Fix array index out of bounds warning in __get_unmap_pool()\n (bnc#1012382).\n - dmaengine: pl330: fix double lock (bnc#1012382).\n - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type\n (bnc#1012382).\n - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382).\n - dm bufio: fix shrinker scans when (nr_to_scan < retain_target)\n (bnc#1012382).\n - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382).\n - drivers/firmware: Expose psci_get_version through psci_ops structure\n (bsc#1068032).\n - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382).\n - drm: extra printk() wrapper macros (bnc#1012382).\n - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement\n (bnc#1012382).\n - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU\n (bnc#1012382).\n - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).\n - drm/radeon: reinstate oland workaround for sclk (bnc#1012382).\n - drm/radeon/si: add dpm quirk for Oland (bnc#1012382).\n - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382).\n - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE\n instead of 0 (bnc#1012382).\n - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382).\n - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382).\n - edac, sb_edac: Fix missing break in switch (bnc#1012382).\n - efi/esrt: Cleanup bad memory map log messages (bnc#1012382).\n - efi: Move some sysfs files to be read-only by root (bnc#1012382).\n - eventpoll.h: add missing epoll event masks (bnc#1012382).\n - ext4: fix crash when a directory's i_size is too small (bnc#1012382).\n - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484).\n - ext4: fix fdatasync(2) after fallocate(2) operation 
(bnc#1012382).\n - fbdev: controlfb: Add missing modes to fix out of bounds access\n (bnc#1012382).\n - Fix build error in vma.c (bnc#1012382).\n - Fixup hang when calling 'nvme list' on all paths down (bsc#1070052).\n - fjes: Fix wrong netdevice feature flags (bnc#1012382).\n - flow_dissector: properly cap thoff field (bnc#1012382).\n - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).\n - fork: clear thread stack upon allocation (bsc#1077560).\n - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382).\n - futex: Prevent overflow by strengthen input validation (bnc#1012382).\n - gcov: disable for COMPILE_TEST (bnc#1012382).\n - gfs2: Take inode off order_write list when setting jdata flag\n (bnc#1012382).\n - gpio: altera: Use handle_level_irq when configured as a level_high\n (bnc#1012382).\n - hid: chicony: Add support for another ASUS Zen AiO keyboard\n (bnc#1012382).\n - hid: xinmo: fix for out of range for THT 2P arcade controller\n (bnc#1012382).\n - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).\n - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).\n - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).\n - i40iw: Account for IPv6 header when setting MSS (bsc#1024376\n FATE#321249).\n - i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249).\n - i40iw: Cleanup AE processing (bsc#1024376 FATE#321249).\n - i40iw: Clear CQP Head/Tail during initialization (bsc#1024376\n FATE#321249).\n - i40iw: Correct ARP index mask (bsc#1024376 FATE#321249).\n - i40iw: Correct Q1/XF object count equation (bsc#969476 FATE#319648\n bsc#969477 FATE#319816).\n - i40iw: Do not allow posting WR after QP is flushed (bsc#1024376\n FATE#321249).\n - i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE\n (bsc#1024376 FATE#321249).\n - i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249).\n - i40iw: Do not retransmit MPA request after it is ACKed 
(bsc#1024376\n FATE#321249).\n - i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249).\n - i40iw: Fix sequence number for the first partial FPDU (bsc#969476\n FATE#319648 bsc#969477 FATE#319816).\n - i40iw: Fix the connection ORD value for loopback (bsc#969476 FATE#319648\n bsc#969477 FATE#319816).\n - i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376\n FATE#321249).\n - i40iw: Move cqp_cmd_head init to CQP initialization (bsc#1024376\n FATE#321249).\n - i40iw: Move exception_lan_queue to VSI structure (bsc#1024376\n FATE#321249).\n - i40iw: Move MPA request event for loopback after connect (bsc#1024376\n FATE#321249).\n - i40iw: Notify user of established connection after QP in RTS\n (bsc#1024376 FATE#321249).\n - i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249).\n - i40iw: Remove limit on re-posting AEQ entries to HW (bsc#969476\n FATE#319648 bsc#969477 FATE#319816).\n - i40iw: Selectively teardown QPs on IP addr change event (bsc#1024376\n FATE#321249).\n - i40iw: Validate correct IRD/ORD connection parameters (bsc#969476\n FATE#319648 bsc#969477 FATE#319816).\n - ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242).\n - ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818\n FATE#319242).\n - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush\n (git-fixes).\n - ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350).\n - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop\n (bnc#1012382).\n - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).\n - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).\n - ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).\n - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).\n - ibmvnic: fix firmware version when no firmware level has been provided\n by the VIOS server 
(bsc#1079038).\n - ibmvnic: Fix IP offload control buffer (bsc#1076899).\n - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).\n - ibmvnic: Fix pending MAC address changes (bsc#1075627).\n - ibmvnic: Modify buffer size and number of queues on failover\n (bsc#1076872).\n - ibmvnic: Revert to previous mtu when unsupported value requested\n (bsc#1076872).\n - ibmvnic: Wait for device response when changing MAC (bsc#1078681).\n - ib/qib: Fix comparison error with qperf compare/swap test (FATE#321231\n FATE#321473).\n - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (bsc#973818,\n fate#319242).\n - ib/srpt: Disable RDMA access by the initiator (bnc#1012382).\n - ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265).\n - igb: check memory allocation failure (bnc#1012382).\n - ima: fix hash algorithm initialization (bnc#1012382).\n - inet: frag: release spinlock before calling icmp_send() (bnc#1012382).\n - input: 88pm860x-ts - fix child-node lookup (bnc#1012382).\n - input: elantech - add new icbody type 15 (bnc#1012382).\n - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list\n (bnc#1012382).\n - input: trackpoint - force 3 buttons if 0 button is reported\n (bnc#1012382).\n - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382).\n - input: twl6040-vibra - fix child-node lookup (bnc#1012382).\n - input: twl6040-vibra - fix DT node memory management (bnc#1012382).\n - intel_th: pci: Add Gemini Lake support (bnc#1012382).\n - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382).\n - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382).\n - ip6_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912\n FATE#321246).\n - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382).\n - ipmi: Stop timers before cleaning up the module (bnc#1012382).\n - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382).\n - ipv4: igmp: guard against silly MTU values (bnc#1012382).\n - ipv4: Make neigh lookup 
keys for loopback/point-to-point devices be\n INADDR_ANY (bnc#1012382).\n - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL\n (bnc#1012382).\n - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382).\n - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382).\n - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes).\n - ipv6: mcast: better catch silly mtu values (bnc#1012382).\n - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382).\n - ipvlan: fix ipv6 outbound device (bnc#1012382).\n - ipvlan: remove excessive packet scrubbing (bsc#1070799).\n - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382).\n - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382).\n - iscsi_iser: Re-enable 'iser_pi_guard' module parameter (bsc#1062129).\n - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382).\n - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref\n (bnc#1012382).\n - isdn: kcapi: avoid uninitialized data (bnc#1012382).\n - iser-target: Fix possible use-after-free in connection establishment\n error (FATE#321732).\n - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382).\n - ixgbe: fix use of uninitialized padding (bnc#1012382).\n - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382).\n - kabi: Keep KVM stable after enable s390 wire up bpb feature\n (bsc#1076805).\n - kABI: protect struct bpf_map (kabi).\n - kABI: protect struct ipv6_pinfo (kabi).\n - kABI: protect struct t10_alua_tg_pt_gp (kabi).\n - kABI: protect struct usbip_device (kabi).\n - kabi/severities: arm64: ignore cpu capability array\n - kabi/severities: do not care about stuff_RSB\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382).\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - kbuild: 
pkg: use --transform option to prefix paths in tar (bnc#1012382).\n - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382).\n - kernel/acct.c: fix the acct->needcheck check in check_free_space()\n (bnc#1012382).\n - kernel: make groups_sort calling a responsibility group_info allocators\n (bnc#1012382).\n - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from\n !sig_kernel_only() signals (bnc#1012382).\n - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL\n (bnc#1012382).\n - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in\n complete_signal() (bnc#1012382).\n - keys: add missing permission check for request_key() destination\n (bnc#1012382).\n - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382).\n - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382).\n - kpti: Report when enabled (bnc#1012382).\n - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382).\n - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset\n (bnc#1012382).\n - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382).\n - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables\n (bnc#1012382).\n - kvm: s390: Enable all facility bits that are known good for passthrough\n (bsc#1076805).\n - kvm: s390: wire up bpb feature (bsc#1076805).\n - kvm: VMX: Fix enable VPID conditions (bnc#1012382).\n - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382).\n - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382 bsc#1068032).\n - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382).\n - kvm: x86: correct async page present tracepoint (bnc#1012382).\n - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382).\n - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382).\n - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382).\n - lan78xx: Fix failure in USB Full Speed (bnc#1012382).\n - libata: apply MAX_SEC_1024 to all LITEON EP1 series 
devices\n (bnc#1012382).\n - libata: drop WARN from protocol error in ata_sff_qc_issue()\n (bnc#1012382).\n - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382).\n - macvlan: Only deliver one copy of the frame to the macvlan interface\n (bnc#1012382).\n - md: more open-coded offset_in_page() (bsc#1076110).\n - media: dvb: i2c transfers over usb cannot be done from stack\n (bnc#1012382).\n - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382).\n - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382).\n - mfd: twl6040: Fix child-node lookup (bnc#1012382).\n - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).\n - mlxsw: reg: Fix SPVM max record count (bnc#1012382).\n - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers\n (bnc#1012382).\n - mmc: mediatek: Fixed bug where clock frequency could be set wrong\n (bnc#1012382).\n - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382).\n - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382).\n - mm/mprotect: add a cond_resched() inside change_pmd_range()\n (bnc#1077871, bnc#1078002).\n - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP\n (bnc#1012382).\n - module: Add retpoline tag to VERMAGIC (bnc#1012382).\n - module: set __jump_table alignment to 8 (bnc#1012382).\n - more bio_map_user_iov() leak fixes (bnc#1012382).\n - net: Allow neigh contructor functions ability to modify the primary_key\n (bnc#1012382).\n - net/appletalk: Fix kernel memory disclosure (bnc#1012382).\n - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382).\n - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values\n (bnc#1012382).\n - net: bcmgenet: power down internal phy if open or resume fails\n (bnc#1012382).\n - net: bcmgenet: Power up the internal PHY before probing the MII\n (bnc#1012382).\n - net: bcmgenet: reserved phy revisions must be checked first\n (bnc#1012382).\n - net: bridge: fix early call to 
br_stp_change_bridge_id and plug newlink\n leaks (bnc#1012382).\n - net: core: fix module type in sock_diag_bind (bnc#1012382).\n - net: Do not allow negative values for busy_read and busy_poll sysctl\n interfaces (bnc#1012382).\n - net: fec: fix multicast filtering hardware setup (bnc#1012382).\n - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382).\n - netfilter: do not track fragmented packets (bnc#1012382).\n - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382).\n - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382).\n - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134).\n - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash\n table (bnc#1012382).\n - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).\n - netfilter: nfnl_cthelper: fix runtime expectation policy updates\n (bnc#1012382).\n - net: Fix double free and memory corruption in get_net_ns_by_id()\n (bnc#1012382).\n - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382).\n - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382).\n - net: initialize msg.msg_flags in recvfrom (bnc#1012382).\n - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382).\n - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y\n (bnc#1012382).\n - net/mlx5: Avoid NULL pointer dereference on steering cleanup\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Cleanup IRQs in case of unload failure (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Add refcount to VXLAN structure (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Fix features check of IPv6 traffic (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare\n (bsc#1015342).\n - net/mlx5e: Fix possible deadlock of VXLAN lock (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Prevent possible races in 
VXLAN control flow (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Fix rate limit packet pacing naming and struct (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Stay in polling mode when command EQ destroy fails (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382).\n - net: mvneta: clear interface link status on port disable (bnc#1012382).\n - net: mvneta: eliminate wrong call to handle rx descriptor error\n (fate#319899).\n - net: mvneta: use proper rxq_number in loop on rx queues (fate#319899).\n - net/packet: fix a race in packet_bind() and packet_notifier()\n (bnc#1012382).\n - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382).\n - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg\n workaround (bnc#1012382).\n - net: qdisc_pkt_len_init() should be more robust (bnc#1012382).\n - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382).\n - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4\n (bnc#1012382).\n - net: reevalulate autoflowlabel setting after sysctl setting\n (bnc#1012382).\n - net: Resend IGMP memberships upon peer notification (bnc#1012382).\n - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382).\n - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382).\n - net: systemport: Pad packet before inserting TSB (bnc#1012382).\n - net: systemport: Utilize skb_put_padto() (bnc#1012382).\n - net: tcp: close sock if net namespace is exiting (bnc#1012382).\n - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382).\n - nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).\n - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382).\n - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382).\n - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382).\n - nfs: Do not take a reference on fl->fl_file for LOCK operation\n (bnc#1012382).\n - nfs: 
Fix a typo in nfs_rename() (bnc#1012382).\n - nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382).\n - nfsv4: Fix client recovery when server reboots multiple times\n (bnc#1012382).\n - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()\n (bnc#1012382).\n - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)\n (bnc#1012382).\n - nvme_fc: correct hang in nvme_ns_remove() (bsc#1075811).\n - nvme_fc: fix rogue admin cmds stalling teardown (bsc#1075811).\n - nvme-fc: merge error on sles12sp3 for reset_work (bsc#1079195).\n - nvme-pci: Remove watchdog timer (bsc#1066163).\n - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382).\n - packet: fix crash in fanout_demux_rollover() (bnc#1012382).\n - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel\n (bnc#1012382).\n - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382).\n - partially revert tipc improve link resiliency when rps is activated\n (bsc#1068038).\n - pci/AER: Report non-fatal errors only to the affected endpoint\n (bnc#1012382).\n - pci: Avoid bus reset if bridge itself is broken (bnc#1012382).\n - pci: Create SR-IOV virtfn/physfn links before attaching driver\n (bnc#1012382).\n - pci: Detach driver before procfs & sysfs teardown on device remove\n (bnc#1012382).\n - pci/PME: Handle invalid data when reading Root Status (bnc#1012382).\n - pci / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382).\n - perf symbols: Fix symbols__fixup_end heuristic for corner cases\n (bnc#1012382).\n - perf test attr: Fix ignored test case result (bnc#1012382).\n - phy: work around 'phys' references to usb-nop-xceiv devices\n (bnc#1012382).\n - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).\n - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382).\n - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n 
(bsc#1068032, bsc#1075087).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1075087).\n - powerpc/ipic: Fix status get and status clear (bnc#1012382).\n - powerpc/perf: Dereference BHRB entries safely (bsc#1066223).\n - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382).\n - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo\n (bnc#1012382).\n - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested\n (bnc#1012382).\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075087).\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Make 
setup_rfi_flush() not __init (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: prevent crash when changing flush type to fallback\n after system boot (bsc#1068032, bsc#1075087).\n - ppp: Destroy the mutex when cleanup (bnc#1012382).\n - pppoe: take ->needed_headroom of lower device into account on xmit\n (bnc#1012382).\n - pti: unbreak EFI (bsc#1074709).\n - r8152: fix the list rx_done may be used without initialization\n (bnc#1012382).\n - r8152: prevent the driver from transmitting packets with carrier off\n (bnc#1012382).\n - r8169: fix memory corruption on retrieval of hardware statistics\n (bnc#1012382).\n - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382).\n - ravb: Remove Rx overflow log messages (bnc#1012382).\n - rbd: set max_segments to USHRT_MAX (bnc#1012382).\n - rdma/cma: Avoid triggering undefined behavior (bnc#1012382).\n - rdma/i40iw: Remove MSS change support (bsc#1024376 FATE#321249).\n - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382).\n - rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382).\n - rds: null pointer dereference in rds_atomic_free_op (bnc#1012382).\n - regulator: core: Rely on regulator_dev_release to free constraints\n (bsc#1074847).\n - regulator: da9063: Return an error code on probe failure (bsc#1074847).\n - regulator: pwm: Fix regulator ramp delay for continuous mode\n (bsc#1074847).\n - regulator: Try to resolve regulators supplies on registration\n (bsc#1074847).\n - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"\n (bnc#1012382).\n - Revert "drm/armada: Fix compile fail" (bnc#1012382).\n - Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi).\n - Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi).\n - Revert 
"module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi).\n - Revert "module: Add retpoline tag to VERMAGIC" (kabi).\n - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"\n (bnc#1012382).\n - Revert "s390/kbuild: enable modversions for symbols exported from asm"\n (bnc#1012382).\n - Revert "sched/deadline: Use the revised wakeup rule for suspending\n constrained dl tasks" (kabi).\n - Revert "scsi: libsas: align sata_device's rps_resp on a cacheline"\n (kabi).\n - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382).\n - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"\n (bnc#1012382).\n - Revert "x86/efi: Build our own page table structures" (bnc#1012382).\n - Revert "x86/efi: Hoist page table switching code into efi_call_virt()"\n (bnc#1012382).\n - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"\n (bnc#1012382).\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087).\n - ring-buffer: Mask out the info bits when returning buffer page length\n (bnc#1012382).\n - route: also update fnhe_genid when updating a route cache (bnc#1012382).\n - route: update fnhe_expires for redirect when the fnhe exists\n (bnc#1012382).\n - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592).\n - rtc: pcf8563: fix output clock rate (bnc#1012382).\n - rtc: pl031: make interrupt optional (bnc#1012382).\n - rtc: set the alarm to the next expiring timer (bnc#1012382).\n - s390: always save and restore all registers on context switch\n (bnc#1012382).\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847,\n LTC#163740).\n - s390: fix compat system call table (bnc#1012382).\n - s390/pci: do not require AIS facility (bnc#1012382).\n - s390/qeth: no ETH header for outbound AF_IUCV (LTC#156276 bnc#1012382\n bnc#1053472).\n - s390/runtime instrumentation: simplify task exit handling (bnc#1012382).\n - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382).\n - 
sched/deadline: Make sure the replenishment timer fires in the next\n period (bnc#1012382).\n - sched/deadline: Throttle a constrained deadline task activated after the\n deadline (bnc#1012382).\n - sched/deadline: Use deadline instead of period when calculating overflow\n (bnc#1012382).\n - sched/deadline: Use the revised wakeup rule for suspending constrained\n dl tasks (bnc#1012382).\n - sched/deadline: Zero out positive runtime after throttling constrained\n tasks (git-fixes).\n - scsi: bfa: integer overflow in debugfs (bnc#1012382).\n - scsi: cxgb4i: fix Tx skb leak (bnc#1012382).\n - scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS (bsc#1069138).\n - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading\n (bnc#1012382).\n - scsi: hpsa: destroy sas transport properties before scsi_host\n (bnc#1012382).\n - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382).\n - scsi: lpfc: Use after free in lpfc_rq_buf_free() (bsc#1037838).\n - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1\n volume created on two SATA drive (bnc#1012382).\n - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382).\n - scsi: sd: change manage_start_stop to bool in sysfs interface\n (bnc#1012382).\n - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382).\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n - sctp: do not allow the v4 socket to bind a v4mapped v6 address\n (bnc#1012382).\n - sctp: do not free asoc when it is already dead in sctp_sendmsg\n (bnc#1012382).\n - sctp: Replace use of sockets_allocated with specified macro\n (bnc#1012382).\n - sctp: return error if the asoc has been peeled off in\n sctp_wait_for_sndbuf (bnc#1012382).\n - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382).\n - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382).\n - selftests/x86: Add test_vsyscall (bnc#1012382).\n - selftests/x86/ldt_get: Add a few additional tests for limits\n 
(bnc#1012382).\n - serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382).\n - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382).\n - series.conf: move core networking (including netfilter) into sorted\n section\n - series.conf: whitespace cleanup\n - Set supported_modules_check 1 (bsc#1072163).\n - sfc: do not warn on successful change of MAC (bnc#1012382).\n - sh_eth: fix SH7757 GEther initialization (bnc#1012382).\n - sh_eth: fix TSU resource handling (bnc#1012382).\n - sit: update frag_off info (bnc#1012382).\n - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382).\n - sparc64/mm: set fields in deferred pages (bnc#1012382).\n - spi_ks8995: fix "BUG: key accdaa28 not in .data!" (bnc#1012382).\n - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382).\n - spi: xilinx: Detect stall with Unknown commands (bnc#1012382).\n - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl\n (bnc#1012382).\n - sunrpc: Fix rpc_task_begin trace point (bnc#1012382).\n - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - sysrq : fix Show Regs call trace on ARM (bnc#1012382).\n - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK\n (bnc#1012382).\n - target/file: Do not return error for UNMAP if length is zero\n (bnc#1012382).\n - target: fix ALUA transition timeout handling (bnc#1012382).\n - target:fix condition return in core_pr_dump_initiator_port()\n (bnc#1012382).\n - target: fix race during implicit transition work flushes (bnc#1012382).\n - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()\n (bnc#1012382).\n - target: Use system workqueue for ALUA transitions (bnc#1012382).\n - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382).\n - tcp: fix under-evaluated 
ssthresh in TCP Vegas (bnc#1012382).\n - tcp md5sig: Use skb's saddr when replying to an incoming segment\n (bnc#1012382).\n - tcp: __tcp_hdrlen() helper (bnc#1012382).\n - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382).\n - thermal/drivers/step_wise: Fix temperature regulation misbehavior\n (bnc#1012382).\n - thermal: hisilicon: Handle return value of clk_prepare_enable\n (bnc#1012382).\n - tipc: fix cleanup at module unload (bnc#1012382).\n - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382).\n - tipc: improve link resiliency when rps is activated (bsc#1068038).\n - tracing: Allocate mask_str buffer dynamically (bnc#1012382).\n - tracing: Fix converting enum's from the map in trace_event_eval_update()\n (bnc#1012382).\n - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382).\n - tracing: Fix possible double free on failure of allocating trace buffer\n (bnc#1012382).\n - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382).\n - tty fix oops when rmmod 8250 (bnc#1012382).\n - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382).\n - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382).\n - udf: Avoid overflow when session starts at large offset (bnc#1012382).\n - um: link vmlinux with -no-pie (bnc#1012382).\n - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382).\n - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382).\n - usb: core: Add type-specific length check of BOS descriptors\n (bnc#1012382).\n - usb: core: prevent malicious bNumInterfaces overflow (bnc#1012382).\n - usb: devio: Prevent integer overflow in proc_do_submiturb()\n (bnc#1012382).\n - usb: Fix off by one in type-specific length check of BOS SSP capability\n (git-fixes).\n - usb: fix usbmon BUG trigger (bnc#1012382).\n - usb: gadget: configs: plug memory leak (bnc#1012382).\n - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping\n (bnc#1012382).\n - usb: gadgetfs: Fix a potential 
memory leak in 'dev_config()'\n (bnc#1012382).\n - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed\n (bnc#1012382).\n - usb: gadget: udc: remove pointer dereference after free (bnc#1012382).\n - usb: hub: Cycle HUB power when initialization fails (bnc#1012382).\n - usb: Increase usbfs transfer limit (bnc#1012382).\n - usbip: Fix implicit fallthrough warning (bnc#1012382).\n - usbip: Fix potential format overflow in userspace tools (bnc#1012382).\n - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382).\n - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input\n (bnc#1012382).\n - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer\n (bnc#1012382).\n - usbip: fix usbip bind writing random string after command in match_busid\n (bnc#1012382).\n - usbip: prevent leaking socket pointer address in messages (bnc#1012382).\n - usbip: prevent vhci_hcd driver from leaking a socket pointer address\n (bnc#1012382).\n - usbip: remove kernel addresses from usb device and urb debug msgs\n (bnc#1012382).\n - usbip: stub: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - usbip: vhci: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - usb: misc: usb3503: make sure reset is low for at least 100us\n (bnc#1012382).\n - usb: musb: da8xx: fix babble condition handling (bnc#1012382).\n - usb: phy: isp1301: Add OF device ID table (bnc#1012382).\n - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled\n (git-fixes).\n - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382).\n - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub\n (bnc#1012382).\n - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ\n (bnc#1012382).\n - usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382).\n - usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382).\n - usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382).\n - usb: 
serial: option: add Quectel BG96 id (bnc#1012382).\n - usb: serial: option: add support for Telit ME910 PID 0x1101\n (bnc#1012382).\n - usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382).\n - usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID\n (bnc#1012382).\n - usb: usbfs: Filter flags passed in from user space (bnc#1012382).\n - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382).\n - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382).\n - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382).\n - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382).\n - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382).\n - video: fbdev: au1200fb: Release some resources if a memory allocation\n fails (bnc#1012382).\n - video: fbdev: au1200fb: Return an error code if a memory allocation\n fails (bnc#1012382).\n - virtio: release virtio index when fail to device_register (bnc#1012382).\n - vmxnet3: repair memory leak (bnc#1012382).\n - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382).\n - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend\n (bnc#1012382).\n - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382).\n - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382).\n - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq\n (bnc#1012382).\n - writeback: fix memory leak in wb_queue_work() (bnc#1012382).\n - x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078).\n - x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382).\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86/alternatives: Add missing '\\n' at end of ALTERNATIVE inline asm\n (bnc#1012382).\n - x86/alternatives: Fix optimize_nops() checking (bnc#1012382).\n - 
x86/apic/vector: Fix off by one in error path (bnc#1012382).\n - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels\n (bnc#1012382).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu: Factor out application of forced CPU caps (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).\n - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).\n - x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025).\n - x86/cpu: Rename "WESTMERE2" family to "NEHALEM_G" (bsc#985025).\n - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382).\n - x86/Documentation: Add PTI description (bnc#1012382).\n - x86/efi: Build our own page table structures (fate#320512).\n - x86/efi: Hoist page table switching code into efi_call_virt()\n (fate#320512).\n - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()\n (bnc#1012382).\n - x86/hpet: Prevent might sleep splat on resume (bnc#1012382).\n - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382).\n - x86/kasan: Write protect kasan zero shadow (bnc#1012382).\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bnc#1012382).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n (bnc#1012382).\n - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382).\n - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier\n (git-fixes).\n - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382).\n - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers\n (fate#320588).\n - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382).\n - x86/pti: Document fix wrong index (bnc#1012382).\n - x86/pti/efi: broken conversion from efi to kernel page table\n (bnc#1012382).\n - 
x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382).\n - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()\n (bnc#1012382).\n - xen-netfront: avoid crashing on resume after a failure in\n talk_to_netback() (bnc#1012382).\n - xen-netfront: Improve error handling during initialization (bnc#1012382).\n - xfrm: Copy policy family in clone_policy (bnc#1012382).\n - xfs: add configurable error support to metadata buffers (bsc#1068569).\n - xfs: add configuration handlers for specific errors (bsc#1068569).\n - xfs: add configuration of error failure speed (bsc#1068569).\n - xfs: add "fail at unmount" error handling configuration (bsc#1068569).\n - xfs: Add infrastructure needed for error propagation during buffer IO\n failure (bsc#1068569).\n - xfs: address kabi for xfs buffer retry infrastructure (kabi).\n - xfs: configurable error behavior via sysfs (bsc#1068569).\n - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real\n (bnc#1012382).\n - xfs: fix log block underflow during recovery cycle verification\n (bnc#1012382).\n - xfs: fix up inode32/64 (re)mount handling (bsc#1069160).\n - xfs: introduce metadata IO error class (bsc#1068569).\n - xfs: introduce table-based init for error behaviors (bsc#1068569).\n - xfs: Properly retry failed inode items in case of error during buffer\n writeback (bsc#1068569).\n - xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787).\n - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569).\n - xfs: validate sb_logsunit is a multiple of the fs blocksize\n (bsc#1077513).\n - xhci: Do not add 
a virt_dev to the devs array before it's fully\n allocated (bnc#1012382).\n - xhci: Fix ring leak in failure path of xhci_alloc_virt_device()\n (bnc#1012382).\n - xhci: plat: Register shutdown for xhci_plat (bnc#1012382).\n - zram: set physical queue limits to avoid array out of bounds accesses\n (bnc#1012382).\n\n", "edition": 1, "modified": "2018-02-09T15:09:34", "published": "2018-02-09T15:09:34", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html", "id": "OPENSUSE-SU-2018:0408-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-20T03:17:11", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17862", "CVE-2017-15129", "CVE-2017-17712", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017", "CVE-2017-17864"], "description": "The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.114 to\n receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a\n side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) 
(bnc#1075621).\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores\n unreachable code, even though it would still be processed by JIT\n compilers. This behavior, also considered an improper branch-pruning\n logic issue, could possibly be used by local users for denial of service\n (bnc#1073928).\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled\n states_equal comparisons between the pointer data type and the\n UNKNOWN_VALUE data type, which allowed local users to obtain potentially\n sensitive address information, aka a "pointer leak" (bnc#1073928).\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the\n Linux kernel has a race condition in inet->hdrincl that leads to\n uninitialized stack pointer usage; this allowed a local user to execute\n code and gain privileges (bnc#1073229 1073230).\n - CVE-2017-15129: A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel. The function\n get_net_ns_by_id() in net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in netns_ids idr,\n which could lead to double free and memory corruption. This\n vulnerability could allow an unprivileged local user to induce kernel\n memory corruption on the system, leading to a crash. 
Due to the nature\n of the flaw, privilege escalation cannot be fully ruled out, although it\n is thought to be unlikely (bnc#1074839).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption) or\n possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n exists in the sound system, this can lead to a deadlock and denial of\n service condition (bnc#1076017).\n\n The following non-security bugs were fixed:\n\n - 509: fix printing uninitialized stack memory when OID is empty\n (bsc#1075078).\n - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382).\n - acpi / scan: Prefer devices without _HID/_CID for _ADR matching\n (bnc#1012382).\n - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382).\n - af_key: fix buffer overread in verify_address_len() (bnc#1012382).\n - afs: Adjust mode bits processing (bnc#1012382).\n - afs: Connect up the CB.ProbeUuid (bnc#1012382).\n - afs: Fix afs_kill_pages() (bnc#1012382).\n - afs: Fix missing put_page() (bnc#1012382).\n - afs: Fix page leak in afs_write_begin() (bnc#1012382).\n - afs: Fix the maths in afs_fs_store_data() (bnc#1012382).\n - afs: Flush outstanding writes when an fd is closed (bnc#1012382).\n - afs: Migrate vlocation fields to 64-bit (bnc#1012382).\n - afs: Populate and use client modification time (bnc#1012382).\n - afs: Populate group ID from vnode status (bnc#1012382).\n - afs: Prevent callback expiry timer overflow (bnc#1012382).\n - alpha: fix build failures (bnc#1012382).\n - alsa: aloop: Fix inconsistent format due to incomplete rule\n (bsc#1031717).\n - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717).\n - alsa: aloop: Release cable upon open error path (bsc#1031717).\n - alsa: hda - Apply headphone noise quirk for 
another Dell XPS 13 variant\n (bsc#1031717).\n - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717).\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder\n (bsc#1031717).\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717).\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717).\n - arc: uaccess: dont use "l" gcc inline asm constraint modifier\n (bnc#1012382).\n - arm64: Add hypervisor safe helper for checking constant capabilities\n (bsc#1068032).\n - arm64: Add macros to read/write system registers (bsc#1068032).\n - arm64: add macro to extract ESR_ELx.EC (bsc#1068032).\n - arm64: Add skeleton to harden the branch predictor against aliasing\n attacks (bsc#1068032).\n - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032).\n - arm64: alternative: add auto-nop infrastructure (bsc#1068032).\n - arm64: barriers: introduce nops and __nops macros for NOP sequences\n (bsc#1068032).\n - arm64: cpu_errata: Allow an erratum to be match for all revisions of a\n core (bsc#1068032).\n - arm64: cpufeature: Add scope for capability check (bsc#1068032).\n - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032).\n - arm64: cpufeature: Pass capability structure to ->enable callback\n (bsc#1068032).\n - arm64: debug: remove unused local_dbg_{enable, disable} macros\n (bsc#1068032).\n - arm64: Disable kpti for non broadcast TLB HW (bsc#1068032).\n - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032).\n - arm64: do not pull uaccess.h into *.S (bsc#1068032).\n - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: entry: Add exception trampoline page for exceptions from EL0\n (bsc#1068032).\n - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0\n (bsc#1068032).\n - arm64: entry: Explicitly 
pass exception level to kernel_ventry macro\n (bsc#1068032).\n - arm64: entry: Hook up entry trampoline to exception vectors\n (bsc#1068032).\n - arm64: entry: remove pointless SPSR mode check (bsc#1068032).\n - arm64: entry.S convert el0_sync (bsc#1068032).\n - arm64: entry.S: convert el1_sync (bsc#1068032).\n - arm64: entry.S: convert elX_irq (bsc#1068032).\n - arm64: entry.S: move SError handling into a C function for future\n expansion (bsc#1068032).\n - arm64: entry.S: Remove disable_dbg (bsc#1068032).\n - arm64: explicitly mask all exceptions (bsc#1068032).\n - arm64: factor out entry stack manipulation (bsc#1068032).\n - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032).\n - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros\n (bsc#1068032).\n - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm\n macro (bsc#1068032).\n - arm64: factor work_pending state machine to C (bsc#1068032).\n - arm64: Fix circular include of asm/lse.h through linux/jump_label.h\n (bsc#1068032).\n - arm64: Fix compilation (bsc#1068032).\n - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382).\n - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032).\n - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032).\n - arm64: Implement branch predictor hardening for affected Cortex-A CPUs\n (bsc#1068032).\n - arm64: Initialise high_memory global variable earlier (bnc#1012382).\n - arm64: introduce an order for exceptions (bsc#1068032).\n - arm64: introduce mov_q macro to move a constant into a 64-bit register\n (bsc#1068032).\n - arm64: Introduce uaccess_{disable,enable} functionality based on\n TTBR0_EL1 (bsc#1068032).\n - arm64: kaslr: Put kernel vectors address in separate data page\n (bsc#1068032).\n - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032).\n - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032).\n - arm64: kill ESR_LNX_EXEC (bsc#1068032).\n 
- arm64: kpti: Fix the interaction between ASID switching and software PAN\n (bsc#1068032).\n - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls\n (bnc#1012382).\n - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm64: kvm: Survive unknown traps from guests (bnc#1012382).\n - arm64: kvm: Use per-CPU vector when BP hardening is enabled\n (bsc#1068032).\n - arm64: Mask all exceptions during kernel_exit (bsc#1068032).\n - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032).\n - arm64: mm: Allocate ASIDs in pairs (bsc#1068032).\n - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: hardcode rodata=true (bsc#1068032).\n - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR\n (bsc#1068032).\n - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI\n (bsc#1068032).\n - arm64: mm: Map entry trampoline into trampoline and kernel page tables\n (bsc#1068032).\n - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032).\n - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032).\n - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: Use non-global mappings for kernel space (bsc#1068032).\n - arm64: Move BP hardening to check_and_switch_context (bsc#1068032).\n - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032).\n - arm64: Move the async/fiq helpers to explicitly set process context\n flags (bsc#1068032).\n - arm64: Store struct thread_info in sp_el0 (bsc#1068032).\n - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to\n init_mm (bsc#1068032).\n - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032).\n - arm64: swp emulation: bound LL/SC retries before rescheduling\n (bsc#1068032).\n - arm64: sysreg: allow write_sysreg to use XZR (bsc#1068032).\n - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg\n (bsc#1068032).\n - arm64: Take into account ID_AA64PFR0_EL1.CSV3 
(bsc#1068032).\n - arm64: tlbflush.h: add __tlbi() macro (bsc#1068032).\n - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks\n (bsc#1068032).\n - arm64: use alternative auto-nop (bsc#1068032).\n - arm64: use RET instruction for exiting the trampoline (bsc#1068032).\n - arm64: Use static keys for CPU features (bsc#1068032).\n - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032).\n - arm: avoid faulting on qemu (bnc#1012382).\n - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382).\n - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382).\n - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed\n memory (bnc#1012382).\n - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382).\n - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7\n (bnc#1012382).\n - arm: dts: ti: fix pci bus dtc warnings (bnc#1012382).\n - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382).\n - arm: kprobes: Fix the return address of multiple kretprobes\n (bnc#1012382).\n - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm: kvm: Survive unknown traps from guests (bnc#1012382).\n - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382).\n - arm: OMAP2+: Fix device node reference counts (bnc#1012382).\n - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure\n (bnc#1012382).\n - arm: OMAP2+: Release device node after it is no longer needed\n (bnc#1012382).\n - asm-prototypes: Clear any CPP defines before declaring the functions\n (git-fixes).\n - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382).\n - asn.1: fix out-of-bounds read when parsing indefinite length item\n (bnc#1012382).\n - ath9k: fix tx99 potential info leak (bnc#1012382).\n - atm: horizon: Fix irq release error (bnc#1012382).\n - audit: ensure that 'audit=1' actually enables audit for PID 1\n (bnc#1012382).\n - axonram: Fix gendisk 
handling (bnc#1012382).\n - backlight: pwm_bl: Fix overflow condition (bnc#1012382).\n - bcache: add a comment in journal bucket reading (bsc#1076110).\n - bcache: Avoid nested function definition (bsc#1076110).\n - bcache: check return value of register_shrinker (bsc#1076110).\n - bcache: debug: avoid accessing .bi_io_vec directly (bsc#1076110).\n - bcache: documentation formatting, edited for clarity, stripe alignment\n notes (bsc#1076110).\n - bcache: documentation updates and corrections (bsc#1076110).\n - bcache: Do not reinvent the wheel but use existing llist API\n (bsc#1076110).\n - bcache: do not write back data if reading it failed (bsc#1076110).\n - bcache: explicitly destroy mutex while exiting (bnc#1012382).\n - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).\n - bcache: fix sequential large write IO bypass (bsc#1076110).\n - bcache: fix wrong cache_misses statistics (bnc#1012382).\n - bcache: gc does not work when triggering by manual command (bsc#1076110,\n bsc#1038078).\n - bcache: implement PI controller for writeback rate (bsc#1076110).\n - bcache: increase the number of open buckets (bsc#1076110).\n - bcache: only permit to recovery read error when cache device is clean\n (bnc#1012382 bsc#1043652).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1076110).\n - bcache: pr_err: more meaningful error message when nr_stripes is invalid\n (bsc#1076110).\n - bcache: rearrange writeback main thread ratelimit (bsc#1076110).\n - bcache: recover data from backing when data is clean (bnc#1012382\n bsc#1043652).\n - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails\n (bsc#1076110).\n - bcache: Remove deprecated create_workqueue (bsc#1076110).\n - bcache: Remove redundant block_size assignment (bsc#1076110).\n - bcache: Remove redundant parameter for cache_alloc() (bsc#1076110).\n - bcache: Remove redundant set_capacity (bsc#1076110).\n - bcache: remove unused parameter (bsc#1076110).\n - bcache: 
rewrite multiple partitions support (bsc#1076110, bsc#1038085,\n bsc#1019784).\n - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).\n - bcache: silence static checker warning (bsc#1076110).\n - bcache: smooth writeback rate control (bsc#1076110).\n - bcache: switch to using blk_queue_write_cache() (bsc#1076110).\n - bcache.txt: standardize document format (bsc#1076110).\n - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints\n (bsc#1076110).\n - bcache: update bucket_in_use in real time (bsc#1076110).\n - bcache: Update continue_at() documentation (bsc#1076110).\n - bcache: update document info (bsc#1076110).\n - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).\n - bcache: use llist_for_each_entry_safe() in __closure_wake_up()\n (bsc#1076110).\n - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).\n - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).\n - be2net: restore properly promisc mode after queues reconfiguration\n (bsc#963844 FATE#320192).\n - block: export bio_free_pages to other modules (bsc#1076110).\n - block: wake up all tasks blocked in get_request() (bnc#1012382).\n - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382).\n - bnx2x: do not rollback VF MAC/VLAN filters we did not configure\n (bnc#1012382).\n - bnx2x: fix possible overrun of VFPF multicast addresses array\n (bnc#1012382).\n - bnx2x: prevent crash when accessing PTP with interface down\n (bnc#1012382).\n - btrfs: account for pinned bytes in should_alloc_chunk (bsc#1066842).\n - btrfs: add missing memset while reading compressed inline extents\n (bnc#1012382).\n - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once\n (bnc#1012382).\n - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).\n - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: gs_usb: fix return value of the 
"set_bittiming" callback\n (bnc#1012382).\n - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()\n (bnc#1012382).\n - can: kvaser_usb: free buf in error paths (bnc#1012382).\n - can: kvaser_usb: ratelimit errors if incomplete messages are received\n (bnc#1012382).\n - can: peak: fix potential bug in packet fragmentation (bnc#1012382).\n - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382).\n - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - cdrom: factor out common open_for_* code (bsc#1048585).\n - cdrom: wait for tray to close (bsc#1048585).\n - ceph: drop negative child dentries before try pruning inode's alias\n (bnc#1012382).\n - ceph: more accurate statfs (bsc#1077068).\n - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o\n VPU (bnc#1012382).\n - clk: mediatek: add the option for determining PLL source clock\n (bnc#1012382).\n - clk: tegra: Fix cclk_lp divisor register (bnc#1012382).\n - cpuidle: fix broadcast control when broadcast can not be entered\n (bnc#1012382).\n - cpuidle: powernv: Pass correct drv->cpumask for registration\n (bnc#1012382).\n - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382).\n - crypto: algapi - fix NULL dereference in crypto_remove_spawns()\n (bnc#1012382).\n - crypto: chacha20poly1305 - validate the digest size (bnc#1012382).\n - crypto: crypto4xx - increase context and scatter ring buffer elements\n (bnc#1012382).\n - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex\n (bnc#1012382).\n - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382).\n - crypto: n2 - cure use after free (bnc#1012382).\n - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382).\n - crypto: s5p-sss - Fix completing crypto request in IRQ handler\n (bnc#1012382).\n - crypto: tcrypt - fix buffer lengths in 
test_aead_speed() (bnc#1012382).\n - cxl: Check if vphb exists before iterating over AFU devices\n (bsc#1066223).\n - dax: Pass detailed error code from __dax_fault() (bsc#1072484).\n - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state\n (bnc#1012382).\n - delay: add poll_event_interruptible (bsc#1048585).\n - dmaengine: dmatest: move callback wait queue to thread context\n (bnc#1012382).\n - dmaengine: Fix array index out of bounds warning in __get_unmap_pool()\n (bnc#1012382).\n - dmaengine: pl330: fix double lock (bnc#1012382).\n - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type\n (bnc#1012382).\n - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382).\n - dm bufio: fix shrinker scans when (nr_to_scan < retain_target)\n (bnc#1012382).\n - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382).\n - drivers: base: cacheinfo: fix boot error message when acpi is enabled\n (bnc#1012382).\n - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled (bnc#1012382).\n - drivers/firmware: Expose psci_get_version through psci_ops structure\n (bsc#1068032).\n - drivers/md/bcache/util.h: remove duplicate inclusion of blkdev.h\n (bsc#1076110).\n - drivers: net: xgene: Fix hardware checksum setting (bsc#1078526).\n - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382).\n - drm: extra printk() wrapper macros (bnc#1012382).\n - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement\n (bnc#1012382).\n - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU\n (bnc#1012382).\n - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).\n - drm/radeon: reinstate oland workaround for sclk (bnc#1012382).\n - drm/radeon/si: add dpm quirk for Oland (bnc#1012382).\n - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382).\n - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE\n instead of 0 (bnc#1012382).\n - edac, i5000, i5400: Fix 
definition of NRECMEMB register (bnc#1012382).\n - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382).\n - edac, sb_edac: Fix missing break in switch (bnc#1012382).\n - efi/esrt: Cleanup bad memory map log messages (bnc#1012382).\n - efi: Move some sysfs files to be read-only by root (bnc#1012382).\n - eventpoll.h: add missing epoll event masks (bnc#1012382).\n - ext4: fix crash when a directory's i_size is too small (bnc#1012382).\n - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484).\n - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382).\n - fbdev: controlfb: Add missing modes to fix out of bounds access\n (bnc#1012382).\n - Fix build error in vma.c (bnc#1012382).\n - fjes: Fix wrong netdevice feature flags (bnc#1012382).\n - flow_dissector: properly cap thoff field (bnc#1012382).\n - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).\n - fork: clear thread stack upon allocation (bsc#1077560). Conflicts:\n series.conf\n - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382).\n - futex: Prevent overflow by strengthen input validation (bnc#1012382).\n - gcov: disable for COMPILE_TEST (bnc#1012382).\n - gfs2: Take inode off order_write list when setting jdata flag\n (bnc#1012382).\n - gpio: altera: Use handle_level_irq when configured as a level_high\n (bnc#1012382).\n - hid: chicony: Add support for another ASUS Zen AiO keyboard\n (bnc#1012382).\n - hid: xinmo: fix for out of range for THT 2P arcade controller\n (bnc#1012382).\n - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).\n - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).\n - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).\n - i40e: Do not enable NAPI on q_vectors that have no rings (bnc#1012382).\n - ib/hfi1: Correct defered count after processing qp_wait_list (git-fixes).\n - ib/hfi1: Fix rnr_timer addition (git-fixes).\n - ib/hfi1: Handle kzalloc failure in 
init_pervl_scs (git-fixes).\n - ib/hfi1: Move iowait_init() to priv allocate (git-fixes).\n - ib/hfi1: Prevent kernel QP post send hard lockups (git-fixes).\n - ib/hfi1: Reset QSFP on every run through channel tuning (git-fixes).\n - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush\n (git-fixes).\n - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop\n (bnc#1012382).\n - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).\n - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).\n - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).\n - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).\n - ibmvnic: Fix IP offload control buffer (bsc#1076899).\n - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).\n - ibmvnic: Fix pending MAC address changes (bsc#1075627).\n - ibmvnic: Modify buffer size and number of queues on failover\n (bsc#1076872).\n - ibmvnic: Revert to previous mtu when unsupported value requested\n (bsc#1076872).\n - ibmvnic: Wait for device response when changing MAC (bsc#1078681).\n - ib/qib: Remove qpt_mask global (git-fixes).\n - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (git-fixes).\n - ib/srpt: Disable RDMA access by the initiator (bnc#1012382).\n - igb: check memory allocation failure (bnc#1012382).\n - ima: fix hash algorithm initialization (bnc#1012382).\n - inet: frag: release spinlock before calling icmp_send() (bnc#1012382).\n - input: 88pm860x-ts - fix child-node lookup (bnc#1012382).\n - input: elantech - add new icbody type 15 (bnc#1012382).\n - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list\n (bnc#1012382).\n - input: trackpoint - force 3 buttons if 0 button is reported\n (bnc#1012382).\n - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382).\n - input: twl6040-vibra - fix child-node lookup (bnc#1012382).\n - input: twl6040-vibra - fix DT node memory management (bnc#1012382).\n - intel_th: pci: Add Gemini Lake support 
(bnc#1012382).\n - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382).\n - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382).\n - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382).\n - ipmi: Stop timers before cleaning up the module (bnc#1012382).\n - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382).\n - ipv4: igmp: guard against silly MTU values (bnc#1012382).\n - ipv4: Make neigh lookup keys for loopback/point-to-point devices be\n INADDR_ANY (bnc#1012382).\n - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL\n (bnc#1012382).\n - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382).\n - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382).\n - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes).\n - ipv6: mcast: better catch silly mtu values (bnc#1012382).\n - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382).\n - ipvlan: fix ipv6 outbound device (bnc#1012382).\n - ipvlan: remove excessive packet scrubbing (bsc#1070799).\n - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382).\n - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382).\n - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382).\n - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref\n (bnc#1012382).\n - isdn: kcapi: avoid uninitialized data (bnc#1012382).\n - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382).\n - ixgbe: fix use of uninitialized padding (bnc#1012382).\n - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382).\n - jump_label: Make it possible for arches to invoke jump_label_init()\n earlier (bsc#1068032).\n - jump_labels: Allow array initialisers (bsc#1068032).\n - Kabi: Keep KVM stable after enable s390 wire up bpb feature\n (bsc#1076806).\n - kABI: protect struct bpf_map (kabi).\n - kABI: protect struct ipv6_pinfo (kabi).\n - kABI: protect struct t10_alua_tg_pt_gp (kabi).\n 
- kABI: protect struct usbip_device (kabi).\n - kabi/severities: do not care about stuff_RSB\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382).\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382).\n - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382).\n - kernel/acct.c: fix the acct->needcheck check in check_free_space()\n (bnc#1012382).\n - kernel: make groups_sort calling a responsibility group_info allocators\n (bnc#1012382).\n - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from\n !sig_kernel_only() signals (bnc#1012382).\n - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL\n (bnc#1012382).\n - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in\n complete_signal() (bnc#1012382).\n - keys: add missing permission check for request_key() destination\n (bnc#1012382).\n - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382).\n - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382).\n - kpti: Report when enabled (bnc#1012382).\n - kvm: arm/arm64: Fix occasional warning from the timer work function\n (bnc#1012382 bsc#988524).\n - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382).\n - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset\n (bnc#1012382).\n - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382).\n - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables\n (bnc#1012382).\n - kvm: s390: Enable all facility bits that are known good for passthrough\n (bsc#1076806).\n - kvm: s390: wire up bpb feature (bsc#1076806).\n - kvm: VMX: Fix enable VPID conditions (bnc#1012382).\n - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382).\n - kvm: vmx: Scrub hardware 
GPRs at VM-exit (bnc#1012382).\n - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382).\n - kvm: x86: correct async page present tracepoint (bnc#1012382).\n - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382).\n - kvm: x86: fix RSM when pciD is non-zero (bnc#1012382).\n - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382).\n - lan78xx: Fix failure in USB Full Speed (bnc#1012382).\n - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices\n (bnc#1012382).\n - libata: drop WARN from protocol error in ata_sff_qc_issue()\n (bnc#1012382).\n - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382).\n - macvlan: Only deliver one copy of the frame to the macvlan interface\n (bnc#1012382).\n - md-cluster: free md_cluster_info if node leave cluster (bnc#1012382).\n - media: dvb: i2c transfers over usb cannot be done from stack\n (bnc#1012382).\n - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382).\n - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382).\n - mfd: twl6040: Fix child-node lookup (bnc#1012382).\n - MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET\n (bnc#1012382).\n - MIPS: AR7: ensure the port type's FCR value is used (bnc#1012382).\n - MIPS: Consistently handle buffer counter with PTRACE_SETREGSET\n (bnc#1012382).\n - MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses\n (bnc#1012382).\n - MIPS: Factor out NT_PRFPREG regset access helpers (bnc#1012382).\n - MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA\n (bnc#1012382).\n - MIPS: Guard against any partial write attempt with PTRACE_SETREGSET\n (bnc#1012382).\n - MIPS: math-emu: Fix final emulation phase for certain instructions\n (bnc#1012382).\n - MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the\n task (bnc#1012382).\n - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).\n - mlxsw: reg: Fix SPVM max record count (bnc#1012382).\n - mm: avoid returning VM_FAULT_RETRY from 
->page_mkwrite handlers\n (bnc#1012382).\n - mmc: mediatek: Fixed bug where clock frequency could be set wrong\n (bnc#1012382).\n - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382).\n - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382).\n - mm: Introduce lm_alias (bsc#1068032).\n - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack\n (bnc#1012382).\n - mm/mprotect: add a cond_resched() inside change_pmd_range()\n (bnc#1077871).\n - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP\n (bnc#1012382).\n - module: set __jump_table alignment to 8 (bnc#1012382).\n - more bio_map_user_iov() leak fixes (bnc#1012382).\n - net: Allow neigh contructor functions ability to modify the primary_key\n (bnc#1012382).\n - net/appletalk: Fix kernel memory disclosure (bnc#1012382).\n - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382).\n - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values\n (bnc#1012382).\n - net: bcmgenet: power down internal phy if open or resume fails\n (bnc#1012382).\n - net: bcmgenet: Power up the internal PHY before probing the MII\n (bnc#1012382).\n - net: bcmgenet: reserved phy revisions must be checked first\n (bnc#1012382).\n - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink\n leaks (bnc#1012382).\n - net: core: fix module type in sock_diag_bind (bnc#1012382).\n - net: Do not allow negative values for busy_read and busy_poll sysctl\n interfaces (bnc#1012382).\n - net: fec: fix multicast filtering hardware setup (bnc#1012382).\n - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382).\n - netfilter: do not track fragmented packets (bnc#1012382).\n - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382).\n - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382).\n - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134).\n - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash\n 
table (bnc#1012382).\n - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).\n - netfilter: nfnl_cthelper: fix runtime expectation policy updates\n (bnc#1012382).\n - net: Fix double free and memory corruption in get_net_ns_by_id()\n (bnc#1012382).\n - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382).\n - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382).\n - net: initialize msg.msg_flags in recvfrom (bnc#1012382).\n - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382).\n - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y\n (bnc#1012382).\n - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382).\n - net: mvneta: clear interface link status on port disable (bnc#1012382).\n - net/packet: fix a race in packet_bind() and packet_notifier()\n (bnc#1012382).\n - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382).\n - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg\n workaround (bnc#1012382).\n - net: qdisc_pkt_len_init() should be more robust (bnc#1012382).\n - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382).\n - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4\n (bnc#1012382).\n - net: reevalulate autoflowlabel setting after sysctl setting\n (bnc#1012382).\n - net: Resend IGMP memberships upon peer notification (bnc#1012382).\n - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382).\n - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382).\n - net: systemport: Pad packet before inserting TSB (bnc#1012382).\n - net: systemport: Utilize skb_put_padto() (bnc#1012382).\n - net: tcp: close sock if net namespace is exiting (bnc#1012382).\n - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382).\n - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382).\n - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382).\n - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382).\n - nfs: 
Do not take a reference on fl->fl_file for LOCK operation\n (bnc#1012382).\n - nfs: Fix a typo in nfs_rename() (bnc#1012382).\n - nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382).\n - nfsv4: Fix client recovery when server reboots multiple times\n (bnc#1012382).\n - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()\n (bnc#1012382).\n - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)\n (bnc#1012382).\n - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382).\n - packet: fix crash in fanout_demux_rollover() (bnc#1012382).\n - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel\n (bnc#1012382).\n - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382).\n - partially revert tipc improve link resiliency when rps is activated\n (bsc#1068038).\n - pci/aer: Report non-fatal errors only to the affected endpoint\n (bnc#1012382).\n - pci: Avoid bus reset if bridge itself is broken (bnc#1012382).\n - pci: Create SR-IOV virtfn/physfn links before attaching driver\n (bnc#1012382).\n - pci: Detach driver before procfs & sysfs teardown on device remove\n (bnc#1012382).\n - pci/pme: Handle invalid data when reading Root Status (bnc#1012382).\n - pci / pm: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382).\n - perf symbols: Fix symbols__fixup_end heuristic for corner cases\n (bnc#1012382).\n - perf test attr: Fix ignored test case result (bnc#1012382).\n - perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver\n (bsc#1036737).\n - perf: xgene: Add support for SoC PMU version 3 (bsc#1076809).\n - perf: xgene: Include module.h (bsc#1076809).\n - perf: xgene: Move PMU leaf functions into function pointer structure\n (bsc#1076809).\n - perf: xgene: Parse PMU subnode from the match table (bsc#1076809).\n - perf: xgene: Remove unnecessary managed resources cleanup (bsc#1076809).\n - phy: work around 'phys' references to usb-nop-xceiv devices\n (bnc#1012382).\n - 
pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).\n - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382).\n - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1075087).\n - powerpc/ipic: Fix status get and status clear (bnc#1012382).\n - powerpc/perf: Dereference BHRB entries safely (bsc#1066223).\n - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382).\n - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo\n (bnc#1012382).\n - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested\n (bnc#1012382).\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries/rfi-flush: Call 
setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075087).\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: prevent crash when changing flush type to fallback\n after system boot (bsc#1068032, bsc#1075087).\n - ppp: Destroy the mutex when cleanup (bnc#1012382).\n - pppoe: take ->needed_headroom of lower device into account on xmit\n (bnc#1012382).\n - pti: unbreak EFI (bsc#1074709).\n - r8152: fix the list rx_done may be used without initialization\n (bnc#1012382).\n - r8152: prevent the driver from transmitting packets with carrier off\n (bnc#1012382).\n - r8169: fix memory corruption on retrieval of hardware statistics\n (bnc#1012382).\n - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382).\n - ravb: Remove Rx overflow log messages (bnc#1012382).\n - rbd: set max_segments to USHRT_MAX (bnc#1012382).\n - rdma/cma: Avoid triggering undefined behavior (bnc#1012382).\n - rdma/iser: Fix possible mr leak on device removal event (bnc#1012382).\n - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382).\n - rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382).\n - rds: null pointer dereference in rds_atomic_free_op (bnc#1012382).\n - regulator: core: Rely on regulator_dev_release to free constraints\n (bsc#1074847).\n - regulator: da9063: Return an error code on probe failure (bsc#1074847).\n - regulator: pwm: Fix regulator ramp delay for continuous mode\n (bsc#1074847).\n - regulator: Try to resolve regulators supplies on registration\n (bsc#1074847).\n - Revert "arm64: 
alternatives: add enable parameter to conditional asm\n macros" (bsc#1068032).\n - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"\n (bnc#1012382).\n - Revert "drm/armada: Fix compile fail" (bnc#1012382).\n - Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi).\n - Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi).\n - Revert "module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi).\n - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"\n (bnc#1012382).\n - Revert "s390/kbuild: enable modversions for symbols exported from asm"\n (bnc#1012382).\n - Revert "sched/deadline: Use the revised wakeup rule for suspending\n constrained dl tasks" (kabi).\n - Revert "scsi: libsas: align sata_device's rps_resp on a cacheline"\n (kabi).\n - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382).\n - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"\n (bnc#1012382).\n - Revert "x86/efi: Build our own page table structures" (bnc#1012382).\n - Revert "x86/efi: Hoist page table switching code into efi_call_virt()"\n (bnc#1012382).\n - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"\n (bnc#1012382).\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087).\n - ring-buffer: Mask out the info bits when returning buffer page length\n (bnc#1012382).\n - route: also update fnhe_genid when updating a route cache (bnc#1012382).\n - route: update fnhe_expires for redirect when the fnhe exists\n (bnc#1012382).\n - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592).\n - rtc: pcf8563: fix output clock rate (bnc#1012382).\n - rtc: pl031: make interrupt optional (bnc#1012382).\n - rtc: set the alarm to the next expiring timer (bnc#1012382).\n - s390: always save and restore all registers on context switch\n (bnc#1012382).\n - s390: fix compat system call table (bnc#1012382).\n - s390/pci: do not require AIS facility (bnc#1012382).\n - 
s390/qeth: no ETH header for outbound AF_IUCV (bnc#1012382).\n - s390/runtime instrumentation: simplify task exit handling (bnc#1012382).\n - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382).\n - sched/deadline: Make sure the replenishment timer fires in the next\n period (bnc#1012382).\n - sched/deadline: Throttle a constrained deadline task activated after the\n deadline (bnc#1012382).\n - sched/deadline: Use deadline instead of period when calculating overflow\n (bnc#1012382).\n - sched/deadline: Use the revised wakeup rule for suspending constrained\n dl tasks (bnc#1012382).\n - sched/deadline: Zero out positive runtime after throttling constrained\n tasks (git-fixes).\n - scsi: bfa: integer overflow in debugfs (bnc#1012382).\n - scsi: check for device state in __scsi_remove_target() (bsc#1072589).\n - scsi: cxgb4i: fix Tx skb leak (bnc#1012382).\n - scsi: fixup kernel warning during rmmod() (bsc#1052360).\n - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading\n (bnc#1012382).\n - scsi: hpsa: destroy sas transport properties before scsi_host\n (bnc#1012382).\n - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382).\n - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters\n (bnc#1012382).\n - scsi: lpfc: Fix PT2PT PRLI reject (bnc#1012382).\n - scsi: lpfc: Fix secure firmware updates (bnc#1012382).\n - scsi: lpfc: PLOGI failures during NPIV testing (bnc#1012382).\n - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1\n volume created on two SATA drive (bnc#1012382).\n - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382).\n - scsi: sd: change manage_start_stop to bool in sysfs interface\n (bnc#1012382).\n - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382).\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n - sctp: do not allow the v4 socket to bind a v4mapped v6 address\n (bnc#1012382).\n - sctp: do not free asoc when it is already dead in sctp_sendmsg\n 
(bnc#1012382).\n - sctp: Replace use of sockets_allocated with specified macro\n (bnc#1012382).\n - sctp: return error if the asoc has been peeled off in\n sctp_wait_for_sndbuf (bnc#1012382).\n - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382).\n - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382).\n - selftests/x86: Add test_vsyscall (bnc#1012382).\n - selftests/x86/ldt_get: Add a few additional tests for limits\n (bnc#1012382).\n - serial: 8250_pci: Add Amazon pci serial device ID (bnc#1012382).\n - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382).\n - Set supported_modules_check 1 (bsc#1072163).\n - sfc: do not warn on successful change of MAC (bnc#1012382).\n - sh_eth: fix SH7757 GEther initialization (bnc#1012382).\n - sh_eth: fix TSU resource handling (bnc#1012382).\n - sit: update frag_off info (bnc#1012382).\n - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382).\n - sparc64/mm: set fields in deferred pages (bnc#1012382).\n - spi_ks8995: fix "BUG: key accdaa28 not in .data!" 
(bnc#1012382).\n - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382).\n - spi: xilinx: Detect stall with Unknown commands (bnc#1012382).\n - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl\n (bnc#1012382).\n - sunrpc: Fix rpc_task_begin trace point (bnc#1012382).\n - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - sysrq : fix Show Regs call trace on ARM (bnc#1012382).\n - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK\n (bnc#1012382).\n - target/file: Do not return error for UNMAP if length is zero\n (bnc#1012382).\n - target: fix ALUA transition timeout handling (bnc#1012382).\n - target:fix condition return in core_pr_dump_initiator_port()\n (bnc#1012382).\n - target: fix race during implicit transition work flushes (bnc#1012382).\n - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()\n (bnc#1012382).\n - target: Use system workqueue for ALUA transitions (bnc#1012382).\n - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382).\n - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382).\n - tcp md5sig: Use skb's saddr when replying to an incoming segment\n (bnc#1012382).\n - tcp: __tcp_hdrlen() helper (bnc#1012382).\n - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382).\n - thermal/drivers/step_wise: Fix temperature regulation misbehavior\n (bnc#1012382).\n - thermal: hisilicon: Handle return value of clk_prepare_enable\n (bnc#1012382).\n - tipc: fix cleanup at module unload (bnc#1012382).\n - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382).\n - tipc: improve link resiliency when rps is activated (bsc#1068038).\n - tracing: Allocate mask_str buffer dynamically (bnc#1012382).\n - tracing: Fix converting enum's from the map in 
trace_event_eval_update()\n (bnc#1012382).\n - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382).\n - tracing: Fix possible double free on failure of allocating trace buffer\n (bnc#1012382).\n - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382).\n - tty fix oops when rmmod 8250 (bnc#1012382).\n - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382).\n - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382).\n - udf: Avoid overflow when session starts at large offset (bnc#1012382).\n - um: link vmlinux with -no-pie (bnc#1012382).\n - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382).\n - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382).\n - USB: core: Add type-specific length check of BOS descriptors\n (bnc#1012382).\n - USB: core: prevent malicious bNumInterfaces overflow (bnc#1012382).\n - USB: devio: Prevent integer overflow in proc_do_submiturb()\n (bnc#1012382).\n - USB: Fix off by one in type-specific length check of BOS SSP capability\n (git-fixes).\n - USB: fix usbmon BUG trigger (bnc#1012382).\n - usb: gadget: configs: plug memory leak (bnc#1012382).\n - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping\n (bnc#1012382).\n - USB: gadgetfs: Fix a potential memory leak in 'dev_config()'\n (bnc#1012382).\n - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed\n (bnc#1012382).\n - usb: gadget: udc: remove pointer dereference after free (bnc#1012382).\n - usb: hub: Cycle HUB power when initialization fails (bnc#1012382).\n - USB: Increase usbfs transfer limit (bnc#1012382).\n - usbip: Fix implicit fallthrough warning (bnc#1012382).\n - usbip: Fix potential format overflow in userspace tools (bnc#1012382).\n - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382).\n - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input\n (bnc#1012382).\n - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer\n 
(bnc#1012382).\n - usbip: fix usbip bind writing random string after command in match_busid\n (bnc#1012382).\n - usbip: prevent leaking socket pointer address in messages (bnc#1012382).\n - usbip: prevent vhci_hcd driver from leaking a socket pointer address\n (bnc#1012382).\n - usbip: remove kernel addresses from usb device and urb debug msgs\n (bnc#1012382).\n - usbip: stub: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - usbip: vhci: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - usb: misc: usb3503: make sure reset is low for at least 100us\n (bnc#1012382).\n - usb: musb: da8xx: fix babble condition handling (bnc#1012382).\n - usb: phy: isp1301: Add OF device ID table (bnc#1012382).\n - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled\n (git-fixes).\n - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382).\n - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub\n (bnc#1012382).\n - USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ\n (bnc#1012382).\n - USB: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382).\n - USB: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382).\n - USB: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382).\n - USB: serial: option: add Quectel BG96 id (bnc#1012382).\n - USB: serial: option: add support for Telit ME910 PID 0x1101\n (bnc#1012382).\n - USB: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382).\n - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID\n (bnc#1012382).\n - USB: usbfs: Filter flags passed in from user space (bnc#1012382).\n - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382).\n - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382).\n - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382).\n - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382).\n - userfaultfd: shmem: __do_fault 
requires VM_FAULT_NOPAGE (bnc#1012382).\n - video: fbdev: au1200fb: Release some resources if a memory allocation\n fails (bnc#1012382).\n - video: fbdev: au1200fb: Return an error code if a memory allocation\n fails (bnc#1012382).\n - virtio: release virtio index when fail to device_register (bnc#1012382).\n - vmxnet3: repair memory leak (bnc#1012382).\n - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382).\n - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend\n (bnc#1012382).\n - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382).\n - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382).\n - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq\n (bnc#1012382).\n - writeback: fix memory leak in wb_queue_work() (bnc#1012382).\n - X.509: fix buffer overflow detection in sprint_oid() (bsc#1075078).\n - X.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382).\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86/alternatives: Add missing '\\n' at end of ALTERNATIVE inline asm\n (bnc#1012382).\n - x86/alternatives: Fix optimize_nops() checking (bnc#1012382).\n - x86/apic/vector: Fix off by one in error path (bnc#1012382).\n - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels\n (bnc#1012382).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu: Factor out application of forced CPU caps (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).\n - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).\n - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382).\n - x86/Documentation: Add 
PTI description (bnc#1012382).\n - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()\n (bnc#1012382).\n - x86/hpet: Prevent might sleep splat on resume (bnc#1012382).\n - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382).\n - x86/kasan: Write protect kasan zero shadow (bnc#1012382).\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bnc#1012382).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n (bnc#1012382).\n - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382).\n - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier\n (git-fixes).\n - x86/mm: Disable pciD on 32-bit kernels (bnc#1012382).\n - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382).\n - x86/pti: Document fix wrong index (bnc#1012382).\n - x86/pti/efi: broken conversion from efi to kernel page table\n (bnc#1012382).\n - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382).\n - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()\n (bnc#1012382).\n - xen-netfront: avoid crashing on resume after a failure in\n talk_to_netback() (bnc#1012382).\n - xen-netfront: Improve error handling during initialization (bnc#1012382).\n - xfrm: Copy policy family in clone_policy (bnc#1012382).\n - xfs: add configurable error support to metadata buffers (bsc#1068569).\n - xfs: add configuration handlers for specific errors (bsc#1068569).\n - xfs: add configuration of error failure speed (bsc#1068569).\n - xfs: add "fail at unmount" error handling configuration (bsc#1068569).\n - 
xfs: Add infrastructure needed for error propagation during buffer IO\n failure (bsc#1068569).\n - xfs: address kabi for xfs buffer retry infrastructure (kabi).\n - xfs: configurable error behavior via sysfs (bsc#1068569).\n - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real\n (bnc#1012382).\n - xfs: fix log block underflow during recovery cycle verification\n (bnc#1012382).\n - xfs: fix up inode32/64 (re)mount handling (bsc#1069160).\n - xfs: introduce metadata IO error class (bsc#1068569).\n - xfs: introduce table-based init for error behaviors (bsc#1068569).\n - xfs: Properly retry failed inode items in case of error during buffer\n writeback (bsc#1068569).\n - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569).\n - xhci: Do not add a virt_dev to the devs array before it's fully\n allocated (bnc#1012382).\n - xhci: Fix ring leak in failure path of xhci_alloc_virt_device()\n (bnc#1012382).\n - xhci: plat: Register shutdown for xhci_plat (bnc#1012382).\n - zram: set physical queue limits to avoid array out of bounds accesses\n (bnc#1012382).\n\n", "edition": 1, "modified": "2018-02-20T00:08:58", "published": "2018-02-20T00:08:58", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html", "id": "SUSE-SU-2018:0482-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-27T23:20:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18079", "CVE-2017-5754", "CVE-2017-13215", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2015-1142857", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017"], "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow 
unauthorized\n disclosure\n of information to an attacker with local user access via a side-channel\n analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption)\n or possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed\n attackers to cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact because the\n port->exists value can change after it is validated (bnc#1077922).\n - CVE-2015-1142857: On multiple SR-IOV cards it is possible for VF's\n assigned to guests to send ethernet flow control pause frames via the\n PF. (bnc#1077355).\n - CVE-2017-17741: The KVM implementation in the Linux kernel allowed\n attackers to obtain potentially sensitive information from kernel\n memory, aka a write_mmio stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).\n - CVE-2017-13215: An elevation of privilege vulnerability in the Upstream\n kernel skcipher. 
(bnc#1075908).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n existed in the sound system, this can lead to a deadlock and denial of\n service condition (bnc#1076017).\n\n The following non-security bugs were fixed:\n\n - alsa: aloop: Fix inconsistent format due to incomplete rule\n (bsc#1045538).\n - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).\n - alsa: aloop: Release cable upon open error path (bsc#1045538).\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops\n (bsc#1045538).\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder\n (bsc#1045538).\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops\n (bsc#1045538).\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).\n - btrfs: cleanup unnecessary assignment when cleaning up all the residual\n transaction (FATE#325056).\n - btrfs: copy fsid to super_block s_uuid (bsc#1080774).\n - btrfs: do not wait for all the writers circularly during the transaction\n commit (FATE#325056).\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors\n (bsc#1080363).\n - btrfs: fix two use-after-free bugs with transaction cleanup\n (FATE#325056).\n - btrfs: make the state of the transaction more readable (FATE#325056).\n - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).\n - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value\n (bsc#1080685).\n - btrfs: reset intwrite on transaction abort (FATE#325056).\n - btrfs: set qgroup_ulist to be null after calling ulist_free()\n (bsc#1080359).\n - btrfs: stop waiting on current trans if we aborted (FATE#325056).\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - cdrom: factor out common open_for_* code (bsc#1048585).\n - cdrom: wait for tray to close (bsc#1048585).\n - delay: add poll_event_interruptible (bsc#1048585).\n - dm flakey: add corrupt_bio_byte feature 
(bsc#1080372).\n - dm flakey: add drop_writes (bsc#1080372).\n - dm flakey: error READ bios during the down_interval (bsc#1080372).\n - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).\n - dm flakey: fix reads to be issued if drop_writes configured\n (bsc#1080372).\n - dm flakey: introduce "error_writes" feature (bsc#1080372).\n - dm flakey: support feature args (bsc#1080372).\n - dm flakey: use dm_target_offset and support discards (bsc#1080372).\n - ext2: free memory allocated and forget buffer head when io error happens\n (bnc#1069508).\n - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n - ext3: add necessary check in case IO error happens (bnc#1069508).\n - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n - fork: clear thread stack upon allocation (bsc#1077560).\n - kaiser: Add proper NX handling for !NX-capable systems also to\n kaiser_add_user_map(). (bsc#1076278).\n - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz\n - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call\n cannot make assumption of accessible stack after CR3 switch, and\n therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the\n pagetable hierarchy.\n - kaiser: Fix trampoline stack loading issue on XEN PV\n - kaiser: handle non-accessible stack in sysretl_from_sys_call properly\n (bsc#bsc#1080579)\n - kaiser: make sure not to touch stack after CR3 switch in compat syscall\n return\n - kaiser: really do switch away from trampoline stack to kernel stack in\n ia32_syscall entry (bsc#1080579)\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - keys: trusted: fix writing past end of buffer in trusted_read()\n (bsc#1074880).\n - media: omap_vout: Fix a possible null pointer dereference in\n omap_vout_open() (bsc#1050431).\n - mISDN: fix a loop count (bsc#1077191).\n - nfsd: do not share group_info among threads (bsc@1070623).\n - 
ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert\n thread (bsc#1076437).\n - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can\n not be granted at once (bsc#1076437).\n - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with\n ocfs2_unblock_lock (bsc#962257).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n (bsc#1068032, bsc#1075088).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1075088).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1075088).\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1075088).\n - powerpc: Fix register clobbering when accumulating stolen time\n (bsc#1059174).\n - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).\n - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).\n - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619,\n git-fixes).\n - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).\n - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: Kill all 
prefetch streams on context switch\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1075088).\n - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1075088).\n - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1075088).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1075088).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1075088).\n - powerpc/vdso64: Use double word compare on pointers (bsc#1070781).\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).\n - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).\n - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1075088).\n - rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088).\n - s390: add ppa to the idle loop (bnc#1077406, LTC#163910).\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,\n LTC#163741).\n - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n - scsi: virtio_scsi: let host do exception handling\n (bsc#936530,bsc#1060682).\n - storvsc: do not assume SG list is continuous when doing bounce buffers\n (bsc#1075410).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - x86/acpi: 
Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032\n CVE-2017-5754).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu: Factor out application of forced CPU caps (bsc#1075994\n bsc#1075091).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).\n - x86/kaiser: Populate shadow PGD with NX bit only if supported by\n platform (bsc#1076154 bsc#1076278).\n - x86/kaiser: use trampoline stack for kernel entry.\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bsc#1054305).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n (bsc#1054305).\n - x86/microcode: Rescan feature flags upon late loading (bsc#1075994\n bsc#1075091).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly\n (bsc#1075994 bsc#1075091).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL\n (bsc#1068032 CVE-2017-5715).\n - mm: pin address_space before dereferencing it while isolating an LRU\n page (bnc#1081500).\n\n", "edition": 1, "modified": "2018-02-27T21:07:43", "published": "2018-02-27T21:07:43", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html", "id": "SUSE-SU-2018:0555-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-29T20:47:25", "bulletinFamily": "unix", "cvelist": 
["CVE-2017-15299", "CVE-2017-16913", "CVE-2018-7566", "CVE-2018-5333", "CVE-2018-1066", "CVE-2017-16912", "CVE-2017-18204", "CVE-2018-6927", "CVE-2017-13166", "CVE-2016-7915", "CVE-2017-18208", "CVE-2017-16911", "CVE-2018-5332", "CVE-2018-1068", "CVE-2017-16644", "CVE-2017-18017", "CVE-2017-12190", "CVE-2017-16914", "CVE-2017-18221"], "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall\n interface for bridging. This allowed a privileged user to arbitrarily\n write to a limited range of kernel memory (bnc#1085107).\n - CVE-2017-18221: The __munlock_pagevec function allowed local users to\n cause a denial of service (NR_MLOCK accounting corruption) via crafted\n use of mlockall and munlockall system calls (bnc#1084323).\n - CVE-2018-1066: Prevent NULL pointer dereference in\n fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker\n controlling a CIFS server to kernel panic a client that has this server\n mounted, because an empty TargetInfo field in an NTLMSSP setup\n negotiation response was mishandled during session recovery\n (bnc#1083640).\n - CVE-2017-13166: Prevent elevation of privilege vulnerability in the\n kernel v4l2 video driver (bnc#1072865).\n - CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose\n kernel memory addresses. 
Successful exploitation required that a USB\n device was attached over IP (bnc#1078674).\n - CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key\n that already exists but is uninstantiated, which allowed local users to\n cause a denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via a crafted system call\n (bnc#1063416).\n - CVE-2017-18208: The madvise_willneed function in the kernel allowed local users\n to cause a denial of service (infinite loop) by triggering use of\n MADVISE_WILLNEED for a DAX mapping (bnc#1083494).\n - CVE-2018-7566: The ALSA sequencer core initializes the event pool on\n demand by invoking snd_seq_pool_init() when the first write happens and\n the pool is empty. A user could have reset the pool size manually via\n ioctl concurrently, which may have led to UAF or out-of-bound access\n (bsc#1083483).\n - CVE-2017-18204: The ocfs2_setattr function allowed local users to cause\n a denial of service (deadlock) via DIO requests (bnc#1083244).\n - CVE-2017-16644: The hdpvr_probe function allowed local users to cause a\n denial of service (improper error handling and system crash) or possibly\n have unspecified other impact via a crafted USB device (bnc#1067118).\n - CVE-2018-6927: The futex_requeue function allowed attackers to cause a\n denial\n of service (integer overflow) or possibly have unspecified other impact\n by triggering a negative wake or requeue value (bnc#1080757).\n - CVE-2017-16914: The "stub_send_ret_submit()" function allowed attackers\n to cause a denial of service (NULL pointer dereference) via a specially\n crafted USB over IP packet (bnc#1078669).\n - CVE-2016-7915: The hid_input_field function allowed physically proximate\n attackers to obtain sensitive information from kernel memory or cause a\n denial\n of service (out-of-bounds read) by connecting a device (bnc#1010470).\n - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions did\n unbalanced 
refcounting when a SCSI I/O vector had small consecutive\n buffers belonging to the same page. The bio_add_pc_page function merged\n them into one, but the page reference was never dropped. This caused a\n memory leak and possible system lockup (exploitable against the host OS\n by a guest OS user, if a SCSI disk is passed through to a virtual\n machine) due to an out-of-memory condition (bnc#1062568).\n - CVE-2017-16912: The "get_pipe()" function allowed attackers to cause a\n denial\n of service (out-of-bounds read) via a specially crafted USB over IP\n packet (bnc#1078673).\n - CVE-2017-16913: The "stub_recv_cmd_submit()" function when handling\n CMD_SUBMIT packets allowed attackers to cause a denial of service\n (arbitrary memory allocation) via a specially crafted USB over IP packet\n (bnc#1078672).\n - CVE-2018-5332: The rds_message_alloc_sgs() function did not validate a\n value that is used during DMA page allocation, leading to a heap-based\n out-of-bounds write (related to the rds_rdma_extra_size function in\n net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: The rds_cmsg_atomic function in net/rds/rdma.c mishandled\n cases where page pinning fails or an invalid address is supplied,\n leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n - CVE-2017-18017: The tcpmss_mangle_packet function allowed remote\n attackers to cause a denial of service (use-after-free and memory\n corruption) or possibly have unspecified other impact by leveraging the\n presence of xt_TCPMSS in an iptables action (bnc#1074488).\n\n The following non-security bugs were fixed:\n\n - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).\n - KEYS: fix writing past end of user-supplied buffer in keyring_read()\n (bsc#1066001).\n - KEYS: return full count in keyring_read() if buffer is too small\n (bsc#1066001).\n - NFS: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).\n - btrfs: qgroup: move noisy underflow warning to debugging 
build\n (bsc#1055755 and bsc#1080287).\n - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).\n - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).\n - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).\n - x86/kaiser: use trampoline stack for kernel entry (bsc#1077560)\n - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).\n - livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c. Shadow\n variables support (bsc#1082299).\n - livepatch: introduce shadow variable API. Shadow variables support\n (bsc#1082299)\n - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: do not copy back the result for certain\n errors (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: move 'helper' functions to\n __get/put_v4l2_format32 (bnc#1012382).\n - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).\n - media: v4l2-ioctl.c: do not copy back the result for -ENOTTY\n (bnc#1012382).\n - netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets\n (bsc#1085107).\n - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).\n - packet: only call dev_add_pack() on freshly allocated fanout instances\n - pipe: cap initial pipe capacity according to pipe-max-size limit\n (bsc#1045330).\n - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032,\n bsc#1077182).\n - powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove\n (bsc#1081512).\n - powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032,\n bsc#1077182).\n - powerpc/powernv: Support 
firmware disable of RFI flush (bsc#1068032,\n bsc#1077182).\n - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,\n bsc#1077182).\n - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,\n bsc#1077182).\n - rfi-flush: Move the logic to avoid a redo into the debugfs code\n (bsc#1068032, bsc#1077182).\n - rfi-flush: Switch to new linear fallback flush (bsc#1068032,\n bsc#1077182).\n\n", "edition": 1, "modified": "2018-03-29T18:11:43", "published": "2018-03-29T18:11:43", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html", "id": "SUSE-SU-2018:0848-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-19T17:23:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2018-8087", "CVE-2017-17862", "CVE-2017-16912", "CVE-2017-15129", "CVE-2017-17975", "CVE-2017-17712", "CVE-2017-13166", "CVE-2017-18174", "CVE-2017-5715", "CVE-2017-15951", "CVE-2017-18208", "CVE-2018-5332", "CVE-2017-16644", "CVE-2017-18017", "CVE-2017-17864", "CVE-2018-1000026"], "edition": 1, "description": "The SUSE Linux Enterprise 12 SP3 Realtime kernel was updated to 4.4.120 to\n receive various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a\n side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2\n video driver. 
(bnc#1072865).\n - CVE-2017-15129: A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel. The function\n get_net_ns_by_id() in net/core/net_namespace.c did not check for the\n net::count value after it has found a peer network in netns_ids idr,\n which could lead to double free and memory corruption. This\n vulnerability could allow an unprivileged local user to induce kernel\n memory corruption on the system, leading to a crash. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled out, although it\n is thought to be unlikely (bnc#1074839).\n - CVE-2017-15951: The KEYS subsystem in the Linux kernel did not correctly\n synchronize the actions of updating versus finding a key in the\n "negative" state to avoid a race condition, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls (bnc#1065615).\n - CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c)\n in the Linux Kernel allowed attackers to cause a denial of service\n (out-of-bounds read) via a specially crafted USB over IP packet\n (bnc#1078673).\n - CVE-2017-16913: The "stub_recv_cmd_submit()" function\n (drivers/usb/usbip/stub_rx.c) in the Linux Kernel when handling\n CMD_SUBMIT packets allowed attackers to cause a denial of service\n (arbitrary memory allocation) via a specially crafted USB over IP packet\n (bnc#1078672).\n - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the\n Linux kernel has a race condition in inet->hdrincl that leads to\n uninitialized stack pointer usage; this allowed a local user to execute\n code and gain privileges (bnc#1073229 1073230).\n - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores\n unreachable code, even though it would still be processed by JIT\n compilers. 
This behavior, also considered an improper branch-pruning\n logic issue, could possibly be used by local users for denial of service\n (bnc#1073928).\n - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled\n states_equal comparisons between the pointer data type and the\n UNKNOWN_VALUE data type, which allowed local users to obtain potentially\n sensitive address information, aka a "pointer leak" (bnc#1073928).\n - CVE-2017-17975: Use-after-free in the usbtv_probe function in\n drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial\n of service (system crash) or possibly have unspecified other impact by\n triggering failure of audio registration, because a kfree of the usbtv\n data structure occurs during a usbtv_video_free call, but the\n usbtv_video_fail label's code attempts to both access and free this data\n structure (bnc#1074426).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption) or\n possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2017-18174: In the Linux kernel the amd_gpio_remove function in\n drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function,\n leading to a double free (bnc#1080533).\n - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed\n local users to cause a denial of service (infinite loop) by triggering\n use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n existed in the sound system, which could lead to a deadlock and denial\n of service condition (bnc#1076017).\n - CVE-2018-1000026: Linux kernel version contained an insufficient input\n validation vulnerability in bnx2x network card driver that can result in\n DoS: Network card firmware assertion takes card off-line. 
This attack\n appears to be exploitable via an attacker that must pass a very large,\n specially crafted packet to the bnx2x card. This can be done from an\n untrusted guest VM. (bnc#1079384).\n - CVE-2018-5332: In the Linux kernel through 4.14.13, the\n rds_message_alloc_sgs() function did not validate a value that is used\n during DMA page allocation, leading to a heap-based out-of-bounds write\n (related to the rds_rdma_extra_size function in net/rds/rdma.c)\n (bnc#1075621).\n - CVE-2018-5333: In the Linux kernel through 4.14.13, the rds_cmsg_atomic\n function in net/rds/rdma.c mishandled cases where page pinning fails or\n an invalid address is supplied, leading to an rds_atomic_free_op NULL\n pointer dereference (bnc#1075617).\n - CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in\n drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a\n denial of service (memory consumption) by triggering an out-of-array\n error case (bnc#1085053).\n - CVE-2017-16644: The hdpvr_probe function in\n drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a\n denial of service (improper error handling and system crash) or possibly\n have unspecified other impact via a crafted USB device (bnc#1067118).\n\n The following non-security bugs were fixed:\n\n - 509: fix printing uninitialized stack memory when OID is empty\n (bsc#1075078).\n - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382).\n - acpi / bus: Leave modalias empty for devices which are not present\n (bnc#1012382).\n - acpi, nfit: fix health event notification (FATE#321135, FATE#321217,\n FATE#321256, FATE#321391, FATE#321393).\n - acpi, nfit: fix register dimm error handling (FATE#321135, FATE#321217,\n FATE#321256, FATE#321391, FATE#321393).\n - acpi: sbshc: remove raw pointer from printk() message (bnc#1012382).\n - acpi / scan: Prefer devices without _HID/_CID for _ADR matching\n (bnc#1012382).\n - Add delay-init quirk for Corsair K70 RGB keyboards (bnc#1012382).\n - add 
ip6_make_flowinfo helper (bsc#1042286).\n - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382).\n - af_key: fix buffer overread in verify_address_len() (bnc#1012382).\n - afs: Adjust mode bits processing (bnc#1012382).\n - afs: Connect up the CB.ProbeUuid (bnc#1012382).\n - afs: Fix afs_kill_pages() (bnc#1012382).\n - afs: Fix missing put_page() (bnc#1012382).\n - afs: Fix page leak in afs_write_begin() (bnc#1012382).\n - afs: Fix the maths in afs_fs_store_data() (bnc#1012382).\n - afs: Flush outstanding writes when an fd is closed (bnc#1012382).\n - afs: Migrate vlocation fields to 64-bit (bnc#1012382).\n - afs: Populate and use client modification time (bnc#1012382).\n - afs: Populate group ID from vnode status (bnc#1012382).\n - afs: Prevent callback expiry timer overflow (bnc#1012382).\n - ahci: Add Intel Cannon Lake PCH-H PCI ID (bnc#1012382).\n - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI\n (bnc#1012382).\n - ahci: Annotate PCI ids for mobile Intel chipsets as such (bnc#1012382).\n - alpha: fix build failures (bnc#1012382).\n - alpha: fix crash if pthread_create races with signal delivery\n (bnc#1012382).\n - alpha: fix reboot on Avanti platform (bnc#1012382).\n - alsa: aloop: Fix inconsistent format due to incomplete rule\n (bsc#1031717).\n - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717).\n - alsa: aloop: Release cable upon open error path (bsc#1031717).\n - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant\n (bsc#1031717).\n - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717).\n - alsa: hda/ca0132 - fix possible NULL pointer use (bnc#1012382).\n - alsa: hda - Fix headset mic detection problem for two Dell machines\n (bnc#1012382).\n - alsa: hda/realtek - Add headset mode support for Dell laptop\n (bsc#1031717).\n - alsa: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012382).\n - alsa: hda - Reduce the suspend time consumption for ALC256 (bsc#1031717).\n - alsa: hda - 
Use IS_REACHABLE() for dependency on input (bsc#1031717).\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder\n (bsc#1031717).\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops\n (bsc#1031717).\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717).\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717).\n - alsa: seq: Fix racy pool initializations (bnc#1012382).\n - alsa: seq: Fix regression by incorrect ioctl_mutex usages (bnc#1012382).\n - alsa: usb-audio: add implicit fb quirk for Behringer UFX1204\n (bnc#1012382).\n - alsa: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute\n (bnc#1012382).\n - amd-xgbe: Fix unused suspend handlers build warning (bnc#1012382).\n - arc: uaccess: dont use "l" gcc inline asm constraint modifier\n (bnc#1012382).\n - arm64: add PTE_ADDR_MASK (bsc#1068032).\n - arm64: Add skeleton to harden the branch predictor against aliasing\n attacks (bsc#1068032).\n - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032).\n - arm64: barrier: Add CSDB macros to control data-value prediction\n (bsc#1068032).\n - arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032).\n - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032).\n - arm64: cpufeature: Pass capability structure to ->enable callback\n (bsc#1068032).\n - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032).\n - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75\n (bsc#1068032).\n - arm64: debug: remove unused local_dbg_{enable, disable} macros\n (bsc#1068032).\n - arm64: define BUG() instruction without CONFIG_BUG (bnc#1012382).\n - arm64: Define cputype macros for Falkor CPU (bsc#1068032).\n - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032).\n - arm64: Disable unhandled signal log messages by default (bnc#1012382).\n - arm64: Do not force 
KPTI for CPUs that are not vulnerable (bsc#1076187).\n - arm64: do not pull uaccess.h into *.S (bsc#1068032).\n - arm64: dts: add #cooling-cells to CPU nodes (bnc#1012382).\n - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: entry: Add exception trampoline page for exceptions from EL0\n (bsc#1068032).\n - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0\n (bsc#1068032).\n - arm64: entry: Apply BP hardening for high-priority synchronous\n exceptions (bsc#1068032).\n - arm64: entry: Apply BP hardening for suspicious interrupts from EL0\n (bsc#1068032).\n - arm64: entry: Ensure branch through syscall table is bounded under\n speculation (bsc#1068032).\n - arm64: entry: Explicitly pass exception level to kernel_ventry macro\n (bsc#1068032).\n - arm64: entry: Hook up entry trampoline to exception vectors\n (bsc#1068032).\n - arm64: entry: remove pointless SPSR mode check (bsc#1068032).\n - arm64: entry: Reword comment about post_ttbr_update_workaround\n (bsc#1068032).\n - arm64: entry.S convert el0_sync (bsc#1068032).\n - arm64: entry.S: convert el1_sync (bsc#1068032).\n - arm64: entry.S: convert elX_irq (bsc#1068032).\n - arm64: entry.S: move SError handling into a C function for future\n expansion (bsc#1068032).\n - arm64: entry.S: Remove disable_dbg (bsc#1068032).\n - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code\n (bsc#1068032).\n - arm64: explicitly mask all exceptions (bsc#1068032).\n - arm64: factor out entry stack manipulation (bsc#1068032).\n - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032).\n - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros\n (bsc#1068032).\n - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm\n macro (bsc#1068032).\n - arm64: factor work_pending state machine to C (bsc#1068032).\n - arm64: Force KPTI to be disabled on Cavium ThunderX (bsc#1068032).\n - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382).\n 
- arm64: futex: Mask __user pointers prior to dereference (bsc#1068032).\n - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032).\n - arm64: Handle faults caused by inadvertent user access with PAN enabled\n (bsc#1068032).\n - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032).\n - arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives\n (bsc#1068032).\n - arm64: Implement array_index_mask_nospec() (bsc#1068032).\n - arm64: Implement branch predictor hardening for affected Cortex-A CPUs\n (bsc#1068032).\n - arm64: Implement branch predictor hardening for Falkor (bsc#1068032).\n - arm64: Initialise high_memory global variable earlier (bnc#1012382).\n - arm64: introduce an order for exceptions (bsc#1068032).\n - arm64: introduce mov_q macro to move a constant into a 64-bit register\n (bsc#1068032).\n - arm64: Introduce uaccess_{disable,enable} functionality based on\n TTBR0_EL1 (bsc#1068032).\n - arm64: kaslr: Put kernel vectors address in separate data page\n (bsc#1068032).\n - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032).\n - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032).\n - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set\n (bnc#1012382).\n - arm64: kill ESR_LNX_EXEC (bsc#1068032).\n - arm64: kpti: Add ->enable callback to remap swapper using nG mappings\n (bsc#1068032).\n - arm64: kpti: Fix the interaction between ASID switching and software PAN\n (bsc#1068032).\n - arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()\n (bsc#1068032).\n - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls\n (bsc#1076232).\n - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm64: kvm: Make PSCI_VERSION a fast path (bsc#1068032).\n - arm64: kvm: Use per-CPU vector when BP hardening is enabled\n (bsc#1068032).\n - arm64: Make USER_DS an inclusive limit (bsc#1068032).\n - arm64: Mask all exceptions during kernel_exit 
(bsc#1068032).\n - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032).\n - arm64: mm: Allocate ASIDs in pairs (bsc#1068032).\n - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: hardcode rodata=true (bsc#1068032).\n - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR\n (bsc#1068032).\n - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI\n (bsc#1068032).\n - arm64: mm: Map entry trampoline into trampoline and kernel page tables\n (bsc#1068032).\n - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032).\n - arm64: mm: Permit transitioning from Global to Non-Global without BBM\n (bsc#1068032).\n - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003\n (bsc#1068032).\n - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032).\n - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032).\n - arm64: mm: Use non-global mappings for kernel space (bsc#1068032).\n - arm64: Move BP hardening to check_and_switch_context (bsc#1068032).\n - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032).\n - arm64: move TASK_* definitions to <asm/processor.h> (bsc#1068032).\n - arm64: Move the async/fiq helpers to explicitly set process context\n flags (bsc#1068032).\n - arm64: Run enable method for errata work arounds on late CPUs\n (bsc#1085045).\n - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to\n init_mm (bsc#1068032).\n - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032).\n - arm64: swp emulation: bound LL/SC retries before rescheduling\n (bsc#1068032).\n - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg\n (bsc#1068032).\n - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032).\n - arm64: thunderx2: remove branch predictor hardening References:\n bsc#1076232 This causes undefined instruction abort on the smc call from\n guest kernel. 
Disable until kvm is fixed.\n - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks\n (bsc#1068032).\n - arm64: Turn on KPTI only on CPUs that need it (bsc#1076187).\n - arm64: uaccess: Do not bother eliding access_ok checks in __{get,\n put}_user (bsc#1068032).\n - arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user\n (bsc#1068032).\n - arm64: uaccess: Prevent speculative use of the current addr_limit\n (bsc#1068032).\n - arm64: use alternative auto-nop (bsc#1068032).\n - arm64: Use pointer masking to limit uaccess speculation (bsc#1068032).\n - arm64: use RET instruction for exiting the trampoline (bsc#1068032).\n - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032).\n - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch\n (bnc#1012382).\n - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function\n (bnc#1012382).\n - arm/arm64: kvm: Make default HYP mappings non-excutable (bsc#1068032).\n - arm: avoid faulting on qemu (bnc#1012382).\n - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382).\n - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382).\n - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed\n memory (bnc#1012382).\n - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382).\n - arm: dts: am4372: Correct the interrupts_properties of McASP\n (bnc#1012382).\n - arm: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen\n (bnc#1012382).\n - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7\n (bnc#1012382).\n - arm: dts: ls1021a: fix incorrect clock references (bnc#1012382).\n - arm: dts: s5pv210: add interrupt-parent for ohci (bnc#1012382).\n - arm: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property\n (bnc#1012382).\n - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382).\n - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382).\n - arm: kprobes: Fix the return address of 
multiple kretprobes\n (bnc#1012382).\n - arm: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls\n (bnc#1012382).\n - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382).\n - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382).\n - arm: OMAP2+: Fix device node reference counts (bnc#1012382).\n - arm: OMAP2+: Fix SRAM virt to phys translation for\n save_secure_ram_context (bnc#1012382).\n - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure\n (bnc#1012382).\n - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (git-fixes).\n - arm: OMAP2+: Release device node after it is no longer needed\n (bnc#1012382).\n - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012382).\n - arm: spear13xx: Fix dmas cells (bnc#1012382).\n - arm: spear13xx: Fix spics gpio controller's warning (bnc#1012382).\n - arm: spear600: Add missing interrupt-parent of rtc (bnc#1012382).\n - arm: tegra: select USB_ULPI from EHCI rather than platform (bnc#1012382).\n - asm-prototypes: Clear any CPP defines before declaring the functions\n (git-fixes).\n - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382).\n - asn.1: fix out-of-bounds read when parsing indefinite length item\n (bnc#1012382).\n - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bsc#1031717).\n - ASoC: Intel: Kconfig: fix build when ACPI is not enabled (bnc#1012382).\n - ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'\n (bsc#1031717).\n - ASoC: mediatek: add i2c dependency (bnc#1012382).\n - ASoC: nuc900: Fix a loop timeout test (bsc#1031717).\n - asoc: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE\n (bnc#1012382).\n - ASoC: rockchip: disable clock on error (bnc#1012382).\n - asoc: rsnd: avoid duplicate free_irq() (bnc#1012382).\n - asoc: rsnd: do not call free_irq() on Parent SSI (bnc#1012382).\n - asoc: simple-card: Fix misleading error message (bnc#1012382).\n - ASoC: ux500: add MODULE_LICENSE tag (bnc#1012382).\n - ata: 
ahci_xgene: free structure returned by acpi_get_object_info()\n (bsc#1082979).\n - ata: pata_artop: remove redundant initialization of pio (bsc#1082979).\n - ata: sata_dwc_460ex: remove incorrect locking (bsc#1082979).\n - ath9k: fix tx99 potential info leak (bnc#1012382).\n - atm: horizon: Fix irq release error (bnc#1012382).\n - audit: ensure that 'audit=1' actually enables audit for PID 1\n (bnc#1012382).\n - axonram: Fix gendisk handling (bnc#1012382).\n - b2c2: flexcop: avoid unused function warnings (bnc#1012382).\n - backlight: pwm_bl: Fix overflow condition (bnc#1012382).\n - bcache: add a comment in journal bucket reading (bsc#1076110).\n - bcache: Avoid nested function definition (bsc#1076110).\n - bcache: bch_allocator_thread() is not freezable (bsc#1076110).\n - bcache: bch_writeback_thread() is not freezable (bsc#1076110).\n - bcache: check return value of register_shrinker (bsc#1076110).\n - bcache: documentation formatting, edited for clarity, stripe alignment\n notes (bsc#1076110).\n - bcache: documentation updates and corrections (bsc#1076110).\n - bcache: Do not reinvent the wheel but use existing llist API\n (bsc#1076110).\n - bcache: do not write back data if reading it failed (bsc#1076110).\n - bcache: explicitly destroy mutex while exiting (bnc#1012382).\n - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).\n - bcache: fix sequential large write IO bypass (bsc#1076110).\n - bcache: fix wrong cache_misses statistics (bnc#1012382).\n - bcache: gc does not work when triggering by manual command (bsc#1076110,\n bsc#1038078).\n - bcache: implement PI controller for writeback rate (bsc#1076110).\n - bcache: increase the number of open buckets (bsc#1076110).\n - bcache: only permit to recovery read error when cache device is clean\n (bnc#1012382 bsc#1043652).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1076110, bsc#1019784).\n - bcache: rearrange writeback main thread ratelimit (bsc#1076110).\n - bcache: 
recover data from backing when data is clean (bnc#1012382\n bsc#1043652).\n - bcache: Remove redundant set_capacity (bsc#1076110).\n - bcache: remove unused parameter (bsc#1076110).\n - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085).\n - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).\n - bcache: silence static checker warning (bsc#1076110).\n - bcache: smooth writeback rate control (bsc#1076110).\n - bcache.txt: standardize document format (bsc#1076110).\n - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints\n (bsc#1076110).\n - bcache: update bucket_in_use in real time (bsc#1076110).\n - bcache: Update continue_at() documentation (bsc#1076110).\n - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).\n - bcache: use llist_for_each_entry_safe() in __closure_wake_up()\n (bsc#1076110).\n - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).\n - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).\n - be2net: restore properly promisc mode after queues reconfiguration\n (bsc#963844 FATE#320192).\n - binder: add missing binder_unlock() (bnc#1012382).\n - binder: check for binder_thread allocation failure in binder_poll()\n (bnc#1012382).\n - binfmt_elf: compat: avoid unused function warning (bnc#1012382).\n - blacklist acb1feab320e powerpc/64: Do not trace irqs-off at interrupt\n return to soft-disabled context\n - blacklist.conf: Blacklist 9d25e3cc83d731ae4eeb017fd07562fde3f80bef\n Exynos IOMMU is not enabled in any config.\n - blacklist.conf: blacklist d207af2eab3f8668b95ad02b21930481c42806fd\n - blacklist.conf: blacklist too intrusive patches (bsc#1082979)\n - blacklist.conf: commit fd5f7cde1b85d4c8e09 ("printk: Never set\n console_may_schedule in console_trylock()")\n - blacklist.conf: da391d640c528bc5bb227ea5b39c882b75ac3167 Comment-only fix\n - blk-mq: add warning to __blk_mq_run_hw_queue() for ints disabled\n (bsc#1084772).\n - blk-mq: stop 'delayed_run_work' 
in blk_mq_stop_hw_queue() (bsc#1084967).\n - blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk (bsc#1084772).\n - blktrace: fix unlocked registration of tracepoints (bnc#1012382).\n - block: fix an error code in add_partition() (bsc#1082979).\n - block: Fix __bio_integrity_endio() documentation (bsc#1082979).\n - block: wake up all tasks blocked in get_request() (bnc#1012382).\n - bluetooth: btsdio: Do not bind to non-removable BCM43341 (bnc#1012382).\n - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382).\n - bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"\n version (bnc#1012382).\n - bnx2x: do not rollback VF MAC/VLAN filters we did not configure\n (bnc#1012382).\n - bnx2x: fix possible overrun of VFPF multicast addresses array\n (bnc#1012382).\n - bnx2x: Improve reliability in case of nested PCI errors (bnc#1012382).\n - bnx2x: prevent crash when accessing PTP with interface down\n (bnc#1012382).\n - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine\n (bnc#1012382).\n - bpf: arsh is not supported in 32 bit alu thus reject it (bnc#1012382).\n - bpf: avoid false sharing of map refcount with max_entries (bnc#1012382).\n - bpf: fix 32-bit divide by zero (bnc#1012382).\n - bpf: fix bpf_tail_call() x64 JIT (bnc#1012382).\n - bpf: fix divides by zero (bnc#1012382).\n - bpf: introduce BPF_JIT_ALWAYS_ON config (bnc#1012382).\n - bpf: reject stores into ctx via st and xadd (bnc#1012382).\n - bridge: implement missing ndo_uninit() (bsc#1042286).\n - bridge: move bridge multicast cleanup to ndo_uninit (bsc#1042286).\n - btrfs: add missing memset while reading compressed inline extents\n (bnc#1012382).\n - btrfs: copy fsid to super_block s_uuid (bsc#1080774).\n - btrfs: fix crash due to not cleaning up tree log block's dirty bits\n (bnc#1012382).\n - btrfs: fix deadlock in run_delalloc_nocow (bnc#1012382).\n - btrfs: fix deadlock when writing out space cache (bnc#1012382).\n - btrfs: Fix possible 
off-by-one in btrfs_search_path_in_tree\n (bnc#1012382).\n - btrfs: Fix quota reservation leak on preallocated files (bsc#1079989).\n - btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012382).\n - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker\n (bnc#1012382).\n - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once\n (bnc#1012382).\n - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).\n - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: flex_can: Correct the checking for frame length in\n flexcan_start_xmit() (bnc#1012382).\n - can: gs_usb: fix return value of the "set_bittiming" callback\n (bnc#1012382).\n - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()\n (bnc#1012382).\n - can: kvaser_usb: free buf in error paths (bnc#1012382).\n - can: kvaser_usb: ratelimit errors if incomplete messages are received\n (bnc#1012382).\n - can: peak: fix potential bug in packet fragmentation (bnc#1012382).\n - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382).\n - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382).\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - cdrom: factor out common open_for_* code (bsc#1048585).\n - cdrom: turn off autoclose by default (bsc#1080813).\n - cdrom: wait for tray to close (bsc#1048585).\n - ceph: fix incorrect snaprealm when adding caps (bsc#1081735).\n - ceph: fix un-balanced fsc->writeback_count update (bsc#1081735).\n - ceph: more accurate statfs (bsc#1077068).\n - cfg80211: check dev_set_name() return value (bnc#1012382).\n - cfg80211: fix cfg80211_beacon_dup (bnc#1012382).\n - cifs: dump IPC tcon in debug proc file (bsc#1071306).\n - cifs: Fix autonegotiate security settings mismatch (bnc#1012382).\n - cifs: Fix missing put_xid in cifs_file_strict_mmap 
(bnc#1012382).\n - cifs: make IPC a regular tcon (bsc#1071306).\n - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl\n (bsc#1071306).\n - cifs: zero sensitive data when freeing (bnc#1012382).\n - clk: fix a panic error caused by accessing NULL pointer (bnc#1012382).\n - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o\n VPU (bnc#1012382).\n - clk: mediatek: add the option for determining PLL source clock\n (bnc#1012382).\n - clk: tegra: Fix cclk_lp divisor register (bnc#1012382).\n - config: arm64: enable HARDEN_BRANCH_PREDICTOR\n - config: arm64: enable UNMAP_KERNEL_AT_EL0\n - console/dummy: leave .con_font_get set to NULL (bnc#1012382).\n - cpufreq: Add Loongson machine dependencies (bnc#1012382).\n - cpuidle: fix broadcast control when broadcast can not be entered\n (bnc#1012382).\n - cpuidle: powernv: Pass correct drv->cpumask for registration\n (bnc#1012382).\n - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382).\n - crypto: aesni - handle zero length dst buffer (bnc#1012382).\n - crypto: af_alg - whitelist mask and type (bnc#1012382).\n - crypto: algapi - fix NULL dereference in crypto_remove_spawns()\n (bnc#1012382).\n - crypto: caam - fix endless loop when DECO acquire fails (bnc#1012382).\n - crypto: chacha20poly1305 - validate the digest size (bnc#1012382).\n - crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325).\n - crypto: cryptd - pass through absence of ->setkey() (bnc#1012382).\n - crypto: crypto4xx - increase context and scatter ring buffer elements\n (bnc#1012382).\n - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex\n (bnc#1012382).\n - crypto: hash - introduce crypto_hash_alg_has_setkey() (bnc#1012382).\n - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382).\n - crypto: n2 - cure use after free (bnc#1012382).\n - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382).\n - crypto: poly1305 - remove ->setkey() method (bnc#1012382).\n - crypto: s5p-sss - Fix 
completing crypto request in IRQ handler\n (bnc#1012382).\n - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (bnc#1012382).\n - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382).\n - crypto: tcrypt - fix S/G table for test_aead_speed() (bnc#1012382).\n - crypto: x86/twofish-3way - Fix %rbp usage (bnc#1012382).\n - cw1200: fix bogus maybe-uninitialized warning (bnc#1012382).\n - cxl: Check if vphb exists before iterating over AFU devices\n (bsc#1066223).\n - dax: Pass detailed error code from __dax_fault() (bsc#1072484).\n - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state\n (bnc#1012382).\n - dccp: limit sk_filter trim to payload (bsc#1042286).\n - Deadly BUG_ON() had not been removed after all, merely relocated.\n (bnc#1083056)\n - delay: add poll_event_interruptible (bsc#1048585).\n - dell-wmi, dell-laptop: depends DMI (bnc#1012382).\n - direct-io: Fix sleep in atomic due to sync AIO (bsc#1084888).\n - dlm: fix double list_del() (bsc#1082795).\n - dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704).\n - dlm: fix NULL pointer dereference in send_to_sock() (bsc#1082795).\n - dmaengine: at_hdmac: fix potential NULL pointer dereference in\n atc_prep_dma_interleaved (bnc#1012382).\n - dmaengine: dmatest: fix container_of member in dmatest_callback\n (bnc#1012382).\n - dmaengine: dmatest: move callback wait queue to thread context\n (bnc#1012382).\n - dmaengine: Fix array index out of bounds warning in __get_unmap_pool()\n (bnc#1012382).\n - dmaengine: ioat: Fix error handling path (bnc#1012382).\n - dmaengine: jz4740: disable/unprepare clk if probe fails (bnc#1012382).\n - dmaengine: pl330: fix double lock (bnc#1012382).\n - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type\n (bnc#1012382).\n - dmaengine: zx: fix build warning (bnc#1012382).\n - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382).\n - dm bufio: fix shrinker scans when (nr_to_scan < retain_target)\n 
(bnc#1012382).\n - dm: correctly handle chained bios in dec_pending() (bnc#1012382).\n - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382).\n - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock\n (bnc#1012382).\n - do not put symlink bodies in pagecache into highmem (bnc#1012382).\n - dpt_i2o: fix build warning (bnc#1012382).\n - driver-core: use 'dev' argument in dev_dbg_ratelimited stub\n (bnc#1012382).\n - drivers/firmware: Expose psci_get_version through psci_ops structure\n (bsc#1068032).\n - drivers: hv: balloon: Correctly update onlined page count (fate#315887,\n bsc#1082632).\n - drivers: hv: balloon: Initialize last_post_time on startup (fate#315887,\n bsc#1082632).\n - drivers: hv: balloon: Show the max dynamic memory assigned (fate#315887,\n bsc#1082632).\n - drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id\n (fate#315887, bsc#1082632).\n - drivers: hv: Turn off write permission on the hypercall page\n (fate#315887, bsc#1082632).\n - drivers: hv: vmbus: Fix rescind handling (fate#315887, bsc#1082632).\n - drivers: hv: vmbus: Fix rescind handling issues (fate#315887,\n bsc#1082632).\n - drivers/net: fix eisa_driver probe section mismatch (bnc#1012382).\n - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382).\n - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (bnc#1012382).\n - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode\n (bnc#1012382).\n - drm/amdkfd: Fix SDMA oversubsription handling (bnc#1012382).\n - drm/amdkfd: Fix SDMA ring buffer size calculation (bnc#1012382).\n - drm/armada: fix leak of crtc structure (bnc#1012382).\n - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (bnc#1012382).\n - drm: extra printk() wrapper macros (bnc#1012382).\n - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement\n (bnc#1012382).\n - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU\n (bnc#1012382).\n - drm/gma500: remove 
helper function (bnc#1012382).\n - drm/gma500: Sanity-check pipe index (bnc#1012382).\n - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized (bnc#1012382).\n - drm/nouveau/pci: do a msi rearm on init (bnc#1012382).\n - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).\n - drm/radeon: adjust tested variable (bnc#1012382).\n - drm/radeon: reinstate oland workaround for sclk (bnc#1012382).\n - drm/radeon/si: add dpm quirk for Oland (bnc#1012382).\n - drm: rcar-du: Fix race condition when disabling planes at CRTC stop\n (bnc#1012382).\n - drm: rcar-du: Use the VBK interrupt for vblank events (bnc#1012382).\n - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all\n (bnc#1012382).\n - drm/ttm: check the return value of kzalloc (bnc#1012382).\n - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382).\n - drm/vmwgfx: use *_32_bits() macros (bnc#1012382).\n - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE\n instead of 0 (bnc#1012382).\n - e1000: fix disabling already-disabled warning (bnc#1012382).\n - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382).\n - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382).\n - edac, octeon: Fix an uninitialized variable warning (bnc#1012382).\n - edac, sb_edac: Fix missing break in switch (bnc#1012382).\n - efi/esrt: Cleanup bad memory map log messages (bnc#1012382).\n - efi: Move some sysfs files to be read-only by root (bnc#1012382).\n - em28xx: only use mt9v011 if camera support is enabled (bnc#1012382).\n - enable DST_CACHE in non-vanilla configs except s390x/zfcpdump\n - eventpoll.h: add missing epoll event masks (bnc#1012382).\n - ext4: correct documentation for grpid mount option (bnc#1012382).\n - ext4: do not unnecessarily allocate buffer in recently_deleted()\n (bsc#1080344).\n - ext4: fix crash when a directory's i_size is too small (bnc#1012382).\n - ext4: Fix data exposure after failed AIO DIO (bsc#1069135 bsc#1082864).\n - ext4: Fix 
ENOSPC handling in DAX page fault handle (bsc#1072484).\n - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382).\n - ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012382).\n - f2fs: fix a bug caused by NULL extent tree (bsc#1082478).\n - fbdev: auo_k190x: avoid unused function warnings (bnc#1012382).\n - fbdev: controlfb: Add missing modes to fix out of bounds access\n (bnc#1012382).\n - fbdev: s6e8ax0: avoid unused function warnings (bnc#1012382).\n - fbdev: sis: enforce selection of at least one backend (bnc#1012382).\n - fbdev: sm712fb: avoid unused function warnings (bnc#1012382).\n - Fix build error in vma.c (bnc#1012382).\n - Fixup hang when calling 'nvme list' on all paths down (bsc#1070052).\n - fjes: Fix wrong netdevice feature flags (bnc#1012382).\n - flow_dissector: properly cap thoff field (bnc#1012382).\n - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).\n - fork: clear thread stack upon allocation (bsc#1077560).\n - fs: Avoid invalidation in interrupt context in dio_complete()\n (bsc#1073407 bsc#1069135).\n - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382).\n - fs: Fix page cache inconsistency when mixing buffered and AIO DIO\n (bsc#1073407 bsc#1069135).\n - fs: invalidate page cache after end_io() in dio completion (bsc#1073407\n bsc#1069135).\n - ftrace: Remove incorrect setting of glob search field (bnc#1012382).\n - futex: Prevent overflow by strengthen input validation (bnc#1012382).\n - gcov: disable for COMPILE_TEST (bnc#1012382).\n - geneve: fix populating tclass in geneve_get_v6_dst (bsc#1042286).\n - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg\n (bnc#1012382).\n - genirq/msi: Fix populating multiple interrupts (bsc#1085047).\n - genirq: Restore trigger settings in irq_modify_status() (bsc#1085056).\n - genksyms: Fix segfault with invalid declarations (bnc#1012382).\n - gfs2: Take inode off order_write list when setting jdata flag\n (bnc#1012382).\n - 
gianfar: fix a flooded alignment reports because of padding issue\n (bnc#1012382).\n - go7007: add MEDIA_CAMERA_SUPPORT dependency (bnc#1012382).\n - gpio: altera: Use handle_level_irq when configured as a level_high\n (bnc#1012382).\n - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bnc#1012382).\n - gpio: intel-mid: Fix build warning when !CONFIG_PM (bnc#1012382).\n - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).\n - gpio: xgene: mark PM functions as __maybe_unused (bnc#1012382).\n - grace: replace BUG_ON by WARN_ONCE in exit_net hook (bnc#1012382).\n - gre: build header correctly for collect metadata tunnels (bsc#1042286).\n - gre: do not assign header_ops in collect metadata mode (bsc#1042286).\n - gre: do not keep the GRE header around in collect medata mode\n (bsc#1042286).\n - gre: reject GUE and FOU in collect metadata mode (bsc#1042286).\n - hdpvr: hide unused variable (bnc#1012382).\n - hid: chicony: Add support for another ASUS Zen AiO keyboard\n (bnc#1012382).\n - hid: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working\n (bnc#1012382).\n - hid: xinmo: fix for out of range for THT 2P arcade controller\n (bnc#1012382).\n - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close\n (bnc#1012382).\n - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)\n (bnc#1012382).\n - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).\n - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).\n - hv_netvsc: Add ethtool handler to set and get TCP hash levels\n (fate#315887, bsc#1082632).\n - hv_netvsc: Add ethtool handler to set and get UDP hash levels\n (fate#315887, bsc#1082632).\n - hv_netvsc: Add initialization of tx_table in netvsc_device_add()\n (fate#315887, bsc#1082632).\n - hv_netvsc: Change the hash level variable to bit flags (fate#315887,\n bsc#1082632).\n - hv_netvsc: Clean up an unused parameter in rndis_filter_set_rss_param()\n (fate#315887, 
bsc#1082632).\n - hv_netvsc: Clean up unused parameter from netvsc_get_hash()\n (fate#315887, bsc#1082632).\n - hv_netvsc: Clean up unused parameter from netvsc_get_rss_hash_opts()\n (fate#315887, bsc#1082632).\n - hv_netvsc: copy_to_send buf can be void (fate#315887, bsc#1082632).\n - hv_netvsc: do not need local xmit_more (fate#315887, bsc#1082632).\n - hv_netvsc: drop unused macros (fate#315887, bsc#1082632).\n - hv_netvsc: empty current transmit aggregation if flow blocked\n (fate#315887, bsc#1082632).\n - hv_netvsc: Fix rndis_filter_close error during netvsc_remove\n (fate#315887, bsc#1082632).\n - hv_netvsc: fix send buffer failure on MTU change (fate#315887,\n bsc#1082632).\n - hv_netvsc: Fix the channel limit in netvsc_set_rxfh() (fate#315887,\n bsc#1082632).\n - hv_netvsc: Fix the real number of queues of non-vRSS cases (fate#315887,\n bsc#1082632).\n - hv_netvsc: Fix the receive buffer size limit (fate#315887, bsc#1082632).\n - hv_netvsc: Fix the TX/RX buffer default sizes (fate#315887, bsc#1082632).\n - hv_netvsc: hide warnings about uninitialized/missing rndis device\n (fate#315887, bsc#1082632).\n - hv_netvsc: make const array ver_list static, reduces object code size\n (fate#315887, bsc#1082632).\n - hv_netvsc: optimize initialization of RNDIS header (fate#315887,\n bsc#1082632).\n - hv_netvsc: pass netvsc_device to receive callback (fate#315887,\n bsc#1082632).\n - hv_netvsc: remove open_cnt reference count (fate#315887, bsc#1082632).\n - hv_netvsc: Rename ind_table to rx_table (fate#315887, bsc#1082632).\n - hv_netvsc: Rename tx_send_table to tx_table (fate#315887, bsc#1082632).\n - hv_netvsc: replace divide with mask when computing padding (fate#315887,\n bsc#1082632).\n - hv_netvsc: report stop_queue and wake_queue (fate#315887, bsc#1082632).\n - hv_netvsc: simplify function args in receive status path (fate#315887,\n bsc#1082632).\n - hv_netvsc: Simplify the limit check in netvsc_set_channels()\n (fate#315887, bsc#1082632).\n - hv_netvsc: track 
memory allocation failures in ethtool stats\n (fate#315887, bsc#1082632).\n - hv: preserve kabi by keeping hv_do_hypercall (bnc#1082632).\n - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).\n - hwmon: (pmbus) Use 64bit math for DIRECT format values (bnc#1012382).\n - hwrng: exynos - use __maybe_unused to hide pm functions (bnc#1012382).\n - hyper-v: trace vmbus_ongpadl_created() (fate#315887, bsc#1082632).\n - hyper-v: trace vmbus_ongpadl_torndown() (fate#315887, bsc#1082632).\n - hyper-v: trace vmbus_on_message() (fate#315887, bsc#1082632).\n - hyper-v: trace vmbus_on_msg_dpc() (fate#315887, bsc#1082632).\n - hyper-v: trace vmbus_onoffer() (fate#315887, bsc#1082632).\n - hyper-v: trace vmbus_onoffer_rescind() (fate#315887, bsc#1082632).\n - hyper-v: trace vmbus_onopen_result() (fate#315887, bsc#1082632).\n - hyper-v: trace vmbus_onversion_response() (fate#315887, bsc#1082632).\n - hyper-v: Use fast hypercall for HVCALL_SIGNAL_EVENT (fate#315887,\n bsc#1082632).\n - i2c: remove __init from i2c_register_board_info() (bnc#1012382).\n - i40iw: Account for IPv6 header when setting MSS (bsc#1024376\n FATE#321249).\n - i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249).\n - i40iw: Cleanup AE processing (bsc#1024376 FATE#321249).\n - i40iw: Clear CQP Head/Tail during initialization (bsc#1024376\n FATE#321249).\n - i40iw: Correct ARP index mask (bsc#1024376 FATE#321249).\n - i40iw: Correct Q1/XF object count equation (bsc#969476 FATE#319648\n bsc#969477 FATE#319816).\n - i40iw: Do not allow posting WR after QP is flushed (bsc#1024376\n FATE#321249).\n - i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE\n (bsc#1024376 FATE#321249).\n - i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249).\n - i40iw: Do not retransmit MPA request after it is ACKed (bsc#1024376\n FATE#321249).\n - i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249).\n - i40iw: Fix sequence number for the first partial FPDU 
(bsc#969476\n FATE#319648 bsc#969477 FATE#319816).\n - i40iw: Fix the connection ORD value for loopback (bsc#969476 FATE#319648\n bsc#969477 FATE#319816).\n - i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376\n FATE#321249).\n - i40iw: Move cqp_cmd_head init to CQP initialization (bsc#1024376\n FATE#321249).\n - i40iw: Move exception_lan_queue to VSI structure (bsc#1024376\n FATE#321249).\n - i40iw: Move MPA request event for loopback after connect (bsc#1024376\n FATE#321249).\n - i40iw: Notify user of established connection after QP in RTS\n (bsc#1024376 FATE#321249).\n - i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249).\n - i40iw: Remove limit on re-posting AEQ entries to HW (bsc#969476\n FATE#319648 bsc#969477 FATE#319816).\n - i40iw: Selectively teardown QPs on IP addr change event (bsc#1024376\n FATE#321249).\n - i40iw: Validate correct IRD/ORD connection parameters (bsc#969476\n FATE#319648 bsc#969477 FATE#319816).\n - ib/hfi1: Fix for potential refcount leak in hfi1_open_file()\n (FATE#321231 FATE#321473).\n - ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242).\n - ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818\n FATE#319242).\n - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush\n (git-fixes).\n - ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350).\n - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop\n (bnc#1012382).\n - ib/iser: Handle lack of memory management extentions correctly\n (bsc#1082979).\n - ib/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH\n ports (bnc#1012382).\n - ib/mlx4: Fix mlx4_ib_alloc_mr error flow (bnc#1012382).\n - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).\n - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).\n - ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688\n bsc#1015343 FATE#321689).\n - ibmvnic: Account for VLAN header length in TX buffers 
(bsc#1085239).\n - ibmvnic: Account for VLAN tag in L2 Header descriptor (bsc#1085239).\n - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).\n - ibmvnic: Allocate max queues stats buffers (bsc#1081498).\n - ibmvnic: Allocate statistics buffers during probe (bsc#1082993).\n - ibmvnic: Check for NULL skb's in NAPI poll routine (bsc#1081134,\n git-fixes).\n - ibmvnic: Clean RX pool buffers during device close (bsc#1081134).\n - ibmvnic: Clean up device close (bsc#1084610).\n - ibmvnic: Correct goto target for tx irq initialization failure\n (bsc#1082223).\n - ibmvnic: Do not attempt to login if RX or TX queues are not allocated\n (bsc#1082993).\n - ibmvnic: Do not disable device during failover or partition migration\n (bsc#1084610).\n - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).\n - ibmvnic: Ensure that buffers are NULL after free (bsc#1080014).\n - ibmvnic: Fix early release of login buffer (bsc#1081134, git-fixes).\n - ibmvnic: fix empty firmware version and errors cleanup (bsc#1079038).\n - ibmvnic: fix firmware version when no firmware level has been provided\n by the VIOS server (bsc#1079038).\n - ibmvnic: Fix IP offload control buffer (bsc#1076899).\n - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).\n - ibmvnic: Fix login buffer memory leaks (bsc#1081134).\n - ibmvnic: Fix NAPI structures memory leak (bsc#1081134).\n - ibmvnic: Fix pending MAC address changes (bsc#1075627).\n - ibmvnic: Fix recent errata commit (bsc#1085239).\n - ibmvnic: Fix rx queue cleanup for non-fatal resets (bsc#1080014).\n - ibmvnic: Fix TX descriptor tracking again (bsc#1082993).\n - ibmvnic: Fix TX descriptor tracking (bsc#1081491).\n - ibmvnic: Free and re-allocate scrqs when tx/rx scrqs change\n (bsc#1081498).\n - ibmvnic: Free RX socket buffer in case of adapter error (bsc#1081134).\n - ibmvnic: Generalize TX pool structure (bsc#1085224).\n - ibmvnic: Handle TSO backing device errata (bsc#1085239).\n - ibmvnic: Harden TX/RX pool cleaning 
(bsc#1082993).\n - ibmvnic: Improve TX buffer accounting (bsc#1085224).\n - ibmvnic: Keep track of supplementary TX descriptors (bsc#1081491).\n - ibmvnic: Make napi usage dynamic (bsc#1081498).\n - ibmvnic: Modify buffer size and number of queues on failover\n (bsc#1076872).\n - ibmvnic: Move active sub-crq count settings (bsc#1081498).\n - ibmvnic: Pad small packets to minimum MTU size (bsc#1085239).\n - ibmvnic: queue reset when CRQ gets closed during reset (bsc#1080263).\n - ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (bsc#1080384).\n - ibmvnic: Rename active queue count variables (bsc#1081498).\n - ibmvnic: Reorganize device close (bsc#1084610).\n - ibmvnic: Report queue stops and restarts as debug output (bsc#1082993).\n - ibmvnic: Reset long term map ID counter (bsc#1080364).\n - ibmvnic: Revert to previous mtu when unsupported value requested\n (bsc#1076872).\n - ibmvnic: Split counters for scrq/pools/napi (bsc#1082223).\n - ibmvnic: Update and clean up reset TX pool routine (bsc#1085224).\n - ibmvnic: Update release RX pool routine (bsc#1085224).\n - ibmvnic: Update TX and TX completion routines (bsc#1085224).\n - ibmvnic: Update TX pool initialization routine (bsc#1085224).\n - ibmvnic: Wait for device response when changing MAC (bsc#1078681).\n - ibmvnic: Wait until reset is complete to set carrier on (bsc#1081134).\n - ib/qib: Fix comparison error with qperf compare/swap test (FATE#321231\n FATE#321473).\n - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (bsc#973818,\n fate#319242).\n - ib/srpt: Disable RDMA access by the initiator (bnc#1012382).\n - ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265).\n - ib/srpt: Remove an unused structure member (bsc#1082979).\n - idle: i7300: add PCI dependency (bnc#1012382).\n - igb: check memory allocation failure (bnc#1012382).\n - igb: Free IRQs when device is hotplugged (bnc#1012382).\n - iio: adc: axp288: remove redundant duplicate const on\n axp288_adc_channels (bnc#1012382).\n - 
iio: adis_lib: Initialize trigger before requesting interrupt\n (bnc#1012382).\n - iio: buffer: check if a buffer has been set up when poll is called\n (bnc#1012382).\n - ima: fix hash algorithm initialization (bnc#1012382).\n - inet: frag: release spinlock before calling icmp_send() (bnc#1012382).\n - input: 88pm860x-ts - fix child-node lookup (bnc#1012382).\n - input: elantech - add new icbody type 15 (bnc#1012382).\n - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list\n (bnc#1012382).\n - input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning\n (bnc#1012382).\n - input: tca8418_keypad - remove double read of key event register\n (git-fixes).\n - input: trackpoint - force 3 buttons if 0 button is reported\n (bnc#1012382).\n - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382).\n - input: twl6040-vibra - fix child-node lookup (bnc#1012382).\n - input: twl6040-vibra - fix DT node memory management (bnc#1012382).\n - intel_th: pci: Add Gemini Lake support (bnc#1012382).\n - iommu/amd: Add align parameter to alloc_irq_index() (bsc#975772).\n - iommu/amd: Enforce alignment for MSI IRQs (bsc#975772).\n - iommu/amd: Fix alloc_irq_index() increment (bsc#975772).\n - iommu/amd: Limit the IOVA page range to the specified addresses\n (fate#321026).\n - iommu/arm-smmu-v3: Cope with duplicated Stream IDs (bsc#1084926).\n - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382).\n - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range\n (bsc#1084928).\n - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382).\n - iommu/vt-d: Use domain instead of cache fetching (bsc#975772).\n - ip6_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912\n FATE#321246).\n - ip6mr: fix stale iterator (bnc#1012382).\n - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382).\n - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).\n - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).\n - ipc/shm: introduce 
shmctl(SHM_STAT_ANY) (bsc#1072689).\n - ipmi: Stop timers before cleaning up the module (bnc#1012382).\n - ip_tunnel: fix preempt warning in ip tunnel creation/updating\n (bnc#1012382).\n - ip_tunnel: replace dst_cache with generic implementation (bnc#1012382).\n - ipv4: allow local fragmentation in ip_finish_output_gso() (bsc#1042286).\n - ipv4: fix checksum annotation in udp4_csum_init (bsc#1042286).\n - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382).\n - ipv4: igmp: guard against silly MTU values (bnc#1012382).\n - ipv4: ipconfig: avoid unused ic_proto_used symbol (bnc#1012382).\n - ipv4: Make neigh lookup keys for loopback/point-to-point devices be\n INADDR_ANY (bnc#1012382).\n - ipv4: update comment to document GSO fragmentation cases (bsc#1042286).\n - ipv6: datagram: Refactor dst lookup and update codes to a new function\n (bsc#1042286).\n - ipv6: datagram: Refactor flowi6 init codes to a new function\n (bsc#1042286).\n - ipv6: datagram: Update dst cache of a connected datagram sk during pmtu\n update (bsc#1042286).\n - ipv6: fix checksum annotation in udp6_csum_init (bsc#1042286).\n - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL\n (bnc#1012382).\n - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382).\n - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382).\n - ipv6: icmp6: Allow icmp messages to be looped back (bnc#1012382).\n - ipv6/ila: fix nlsize calculation for lwtunnel (bsc#1042286).\n - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes).\n - ipv6: mcast: better catch silly mtu values (bnc#1012382).\n - ipv6: remove unused in6_addr struct (bsc#1042286).\n - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382).\n - ipv6: tcp: fix endianness annotation in tcp_v6_send_response\n (bsc#1042286).\n - ipv6: udp: Do a route lookup and update during release_cb (bsc#1042286).\n - ipvlan: Add the skb->mark as flow4's member to lookup route\n (bnc#1012382).\n - ipvlan: fix ipv6 
outbound device (bnc#1012382).\n - ipvlan: fix multicast processing (bsc#1042286).\n - ipvlan: fix various issues in ipvlan_process_multicast() (bsc#1042286).\n - ipvlan: remove excessive packet scrubbing (bsc#1070799).\n - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382).\n - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382).\n - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()\n (bnc#1012382).\n - iscsi_iser: Re-enable 'iser_pi_guard' module parameter (bsc#1062129).\n - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382).\n - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref\n (bnc#1012382).\n - isdn: eicon: reduce stack size of sig_ind function (bnc#1012382).\n - isdn: icn: remove a #warning (bnc#1012382).\n - isdn: kcapi: avoid uninitialized data (bnc#1012382).\n - isdn: sc: work around type mismatch warning (bnc#1012382).\n - iser-target: Fix possible use-after-free in connection establishment\n error (FATE#321732).\n - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382).\n - ixgbe: fix use of uninitialized padding (bnc#1012382).\n - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path\n (git-fixes).\n - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382).\n - Kabi: Keep KVM stable after enable s390 wire up bpb feature\n (bsc#1076805).\n - kABI: protect struct bpf_map (kabi).\n - kABI: protect struct cpuinfo_x86 (kabi).\n - kABI: protect struct ethtool_link_settings (bsc#1085050).\n - kABI: protect struct ip_tunnel and reintroduce ip_tunnel_dst_reset_all\n (kabi).\n - kABI: protect struct ipv6_pinfo (kabi).\n - kABI: protect struct t10_alua_tg_pt_gp (kabi).\n - kABI: protect struct usbip_device (kabi).\n - kABI: reintroduce crypto_poly1305_setkey (kabi).\n - kabi: restore kabi after "net: replace dst_cache ip6_tunnel\n implementation with the generic one" (bsc#1082897).\n - kabi: restore nft_set_elem_destroy() signature 
(bsc#1042286).\n - kabi: restore rhashtable_insert_slow() signature (bsc#1042286).\n - kabi/severities: add sclp to KABI ignore list\n - kabi/severities: add __x86_indirect_thunk_rsp\n - kabi/severities: arm64: ignore cpu capability array\n - kabi/severities: as per bsc#1068569 we can ignore XFS kabi The gods have\n spoken, let there be light.\n - kabi/severities: do not care about stuff_RSB\n - kabi/severities: Ignore kvm for KABI severities\n - kabi: uninline sk_receive_skb() (bsc#1042286).\n - kaiser: fix compile error without vsyscall (bnc#1012382).\n - kaiser: fix intel_bts perf crashes (bnc#1012382).\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382).\n - kasan: rework Kconfig settings (bnc#1012382).\n - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382).\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382).\n - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382).\n - kernel/acct.c: fix the acct->needcheck check in check_free_space()\n (bnc#1012382).\n - kernel/async.c: revert "async: simplify lowest_in_progress()"\n (bnc#1012382).\n - kernel: fix rwlock implementation (bnc#1079886, LTC#164371).\n - kernel: make groups_sort calling a responsibility group_info allocators\n (bnc#1012382).\n - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from\n !sig_kernel_only() signals (bnc#1012382).\n - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL\n (bnc#1012382).\n - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in\n complete_signal() (bnc#1012382).\n - kernfs: fix regression in kernfs_fop_write caused by wrong type\n (bnc#1012382).\n - keys: add missing permission check for request_key() destination\n (bnc#1012382).\n - keys: encrypted: fix buffer overread in valid_master_desc()\n (bnc#1012382).\n - kmemleak: add scheduling point to kmemleak_scan() (bnc#1012382).\n - 
kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382).\n - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382).\n - kpti: Report when enabled (bnc#1012382).\n - kvm: add X86_LOCAL_APIC dependency (bnc#1012382).\n - kvm: ARM64: fix phy counter access failure in guest (bsc#1085015).\n - kvm: arm/arm64: Check pagesize when allocating a hugepage at Stage 2\n (bsc#1079029).\n - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382).\n - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types\n (bnc#1012382).\n - kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2\n (bnc#1012382).\n - kvm: nVMX: invvpid handling improvements (bnc#1012382).\n - kvm: nVMX: kmap() can't fail (bnc#1012382).\n - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset\n (bnc#1012382).\n - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382).\n - kvm: nVMX: vmx_complete_nested_posted_interrupt() can't fail\n (bnc#1012382).\n - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables\n (bnc#1012382).\n - kvm: PPC: Book3S PR: Fix svcpu copying with preemption enabled\n (bsc#1066223).\n - kvm: s390: Add operation exception interception handler (FATE#324070,\n LTC#158959).\n - kvm: s390: Add sthyi emulation (FATE#324070, LTC#158959).\n - kvm: s390: Enable all facility bits that are known good for passthrough\n (bsc#1076805).\n - kvm: s390: Enable all facility bits that are known good for passthrough\n (FATE#324071, LTC#158956).\n - kvm: s390: Extend diag 204 fields (FATE#324070, LTC#158959).\n - kvm: s390: Fix STHYI buffer alignment for diag224 (FATE#324070,\n LTC#158959).\n - kvm: s390: instruction-execution-protection support (LTC#162428).\n - kvm: s390: Introduce BCD Vector Instructions to the guest (FATE#324072,\n LTC#158953).\n - kvm: s390: Introduce Vector Enhancements facility 1 to the guest\n (FATE#324072, LTC#158953).\n - kvm: s390: Limit sthyi execution (FATE#324070, LTC#158959).\n - kvm: 
s390: Populate mask of non-hypervisor managed facility bits\n (FATE#324071, LTC#158956).\n - kvm: s390: wire up bpb feature (bsc#1076805).\n - kvm: VMX: clean up declaration of VPID/EPT invalidation types\n (bnc#1012382).\n - kvm: VMX: Fix enable VPID conditions (bnc#1012382).\n - kvm: VMX: Fix rflags cache during vCPU reset (bnc#1012382).\n - kvm: VMX: Make indirect call speculation safe (bnc#1012382).\n - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382).\n - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382 bsc#1068032).\n - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382).\n - kvm: x86: correct async page present tracepoint (bnc#1012382).\n - kvm: x86: Do not re-execute instruction when not passing CR2 value\n (bnc#1012382).\n - kvm: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure\n (bnc#1012382).\n - kvm: x86: fix escape of guest dr6 to the host (bnc#1012382).\n - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382).\n - kvm: X86: Fix operand/address-size during instruction decoding\n (bnc#1012382).\n - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382).\n - kvm: x86: ioapic: Clear Remote IRR when entry is switched to\n edge-triggered (bnc#1012382).\n - kvm: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race\n (bnc#1012382).\n - kvm: x86: ioapic: Preserve read-only values in the redirection table\n (bnc#1012382).\n - kvm: x86: Make indirect calls in emulator speculation safe (bnc#1012382).\n - kvm/x86: Reduce retpoline performance impact in\n slot_handle_level_range(), by always inlining iterator helper methods\n (bnc#1012382).\n - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382).\n - l2tp: fix use-after-free during module unload (bsc#1042286).\n - lan78xx: Fix failure in USB Full Speed (bnc#1012382).\n - led: core: Fix brightness setting when setting delay_off=0 (bnc#1012382).\n - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).\n - libata: apply MAX_SEC_1024 
to all LITEON EP1 series devices\n (bnc#1012382).\n - libata: drop WARN from protocol error in ata_sff_qc_issue()\n (bnc#1012382).\n - libceph: check kstrndup() return value (bsc#1081735).\n - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382).\n - lib/mpi: Fix umul_ppmm() for MIPS64r6 (bnc#1012382).\n - lib/uuid.c: introduce a few more generic helpers (fate#315887,\n bsc#1082632).\n - lib/uuid.c: use correct offset in uuid parser (fate#315887, bsc#1082632).\n - livepatch: introduce shadow variable API (bsc#1082299 fate#313296).\n Shadow variables support.\n - livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c (bsc#1082299\n fate#313296). Shadow variables support.\n - lockd: fix "list_add double add" caused by legacy signal interface\n (bnc#1012382).\n - loop: fix concurrent lo_open/lo_release (bnc#1012382).\n - mac80211: fix the update of path metric for RANN frame (bnc#1012382).\n - mac80211: mesh: drop frames appearing to be from us (bnc#1012382).\n - macvlan: Only deliver one copy of the frame to the macvlan interface\n (bnc#1012382).\n - Make DST_CACHE a silent config option (bnc#1012382).\n - mdio-sun4i: Fix a memory leak (bnc#1012382).\n - md: more open-coded offset_in_page() (bsc#1076110).\n - md/raid1: Use a new variable to count flighting sync\n requests(bsc#1083048)\n - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH (bnc#1012382).\n - media: dvb: i2c transfers over usb cannot be done from stack\n (bnc#1012382).\n - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start\n (bnc#1012382).\n - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner\n (bnc#1012382).\n - media: r820t: fix r820t_write_reg for KASAN (bnc#1012382).\n - media: s5k6aa: describe some function parameters (bnc#1012382).\n - media: soc_camera: soc_scale_crop: add missing\n MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382).\n - media: ts2020: avoid integer overflows on 32 bit machines (bnc#1012382).\n - media: usbtv: add a new usbid 
(bnc#1012382).\n - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: do not copy back the result for certain\n errors (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: move 'helper' functions to\n __get/put_v4l2_format32 (bnc#1012382).\n - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic\n (bnc#1012382).\n - media: v4l2-ioctl.c: do not copy back the result for -ENOTTY\n (bnc#1012382).\n - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382).\n - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382).\n - mfd: twl6040: Fix child-node lookup (bnc#1012382).\n - MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET\n (bnc#1012382).\n - MIPS: AR7: ensure the port type's FCR value is used (bnc#1012382).\n - MIPS: Consistently handle buffer counter with PTRACE_SETREGSET\n (bnc#1012382).\n - MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses\n (bnc#1012382).\n - MIPS: Factor out NT_PRFPREG regset access helpers (bnc#1012382).\n - MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA\n (bnc#1012382).\n - MIPS: Guard against any partial write attempt with PTRACE_SETREGSET\n (bnc#1012382).\n - MIPS: math-emu: Fix final emulation phase for certain instructions\n (bnc#1012382).\n - MIPS: Validate PR_SET_FP_MODE prctl(2) requests 
against the ABI of the\n task (bnc#1012382).\n - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).\n - mlxsw: reg: Fix SPVM max record count (bnc#1012382).\n - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers\n (bnc#1012382).\n - mmc: bcm2835: Do not overwrite max frequency unconditionally\n (bsc#983145, git-fixes).\n - mmc: mediatek: Fixed bug where clock frequency could be set wrong\n (bnc#1012382).\n - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382).\n - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (bnc#1012382).\n - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382).\n - mm: hide a #warning for COMPILE_TEST (bnc#1012382).\n - mm/kmemleak.c: make cond_resched() rate-limiting more efficient\n (git-fixes).\n - mm/mprotect: add a cond_resched() inside change_pmd_range()\n (bnc#1077871, bnc#1078002).\n - mm: pin address_space before dereferencing it while isolating an LRU\n page (bnc#1081500).\n - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()\n failed (bnc#1012382).\n - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP\n (bnc#1012382).\n - mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user\n copy (bnc#1012382).\n - modsign: hide openssl output in silent builds (bnc#1012382).\n - module: Add retpoline tag to VERMAGIC (bnc#1012382).\n - module/retpoline: Warn about missing retpoline in module (bnc#1012382).\n - module: set __jump_table alignment to 8 (bnc#1012382).\n - more bio_map_user_iov() leak fixes (bnc#1012382).\n - mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1078583).\n - mptfusion: hide unused seq_mpt_print_ioc_summary function (bnc#1012382).\n - mtd: cfi: convert inline functions to macros (bnc#1012382).\n - mtd: cfi: enforce valid geometry configuration (bnc#1012382).\n - mtd: ichxrom: maybe-uninitialized with gcc-4.9 (bnc#1012382).\n - mtd: maps: add __init attribute (bnc#1012382).\n - mtd: nand: brcmnand: Disable prefetch by 
default (bnc#1012382).\n - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE\n (bnc#1012382).\n - mtd: nand: Fix nand_do_read_oob() return value (bnc#1012382).\n - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM\n (bnc#1012382).\n - mtd: nand: sunxi: Fix ECC strength choice (bnc#1012382).\n - mtd: sh_flctl: pass FIFO as physical address (bnc#1012382).\n - mvpp2: fix multicast address filter (bnc#1012382).\n - ncpfs: fix unused variable warning (bnc#1012382).\n - ncr5380: shut up gcc indentation warning (bnc#1012382).\n - net: add dst_cache support (bnc#1012382).\n - net: Allow neigh contructor functions ability to modify the primary_key\n (bnc#1012382).\n - net/appletalk: Fix kernel memory disclosure (bnc#1012382).\n - net: arc_emac: fix arc_emac_rx() error paths (bnc#1012382).\n - net: avoid skb_warn_bad_offload on IS_ERR (bnc#1012382).\n - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382).\n - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values\n (bnc#1012382).\n - net: bcmgenet: power down internal phy if open or resume fails\n (bnc#1012382).\n - net: bcmgenet: Power up the internal PHY before probing the MII\n (bnc#1012382).\n - net: bcmgenet: reserved phy revisions must be checked first\n (bnc#1012382).\n - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink\n leaks (bnc#1012382).\n - net: cdc_ncm: initialize drvflags before usage (bnc#1012382).\n - net: core: fix module type in sock_diag_bind (bnc#1012382).\n - net: Do not allow negative values for busy_read and busy_poll sysctl\n interfaces (bnc#1012382).\n - net: dst_cache_per_cpu_dst_set() can be static (bnc#1012382).\n - net: ena: add detection and recovery mechanism for handling\n missed/misrouted MSI-X (bsc#1083548).\n - net: ena: add new admin define for future support of IPv6 RSS\n (bsc#1083548).\n - net: ena: add power management ops to the ENA driver (bsc#1083548).\n - net: ena: add statistics for 
missed tx packets (bsc#1083548).\n - net: ena: fix error handling in ena_down() sequence (bsc#1083548).\n - net: ena: fix race condition between device reset and link up setup\n (bsc#1083548).\n - net: ena: fix rare kernel crash when bar memory remap fails\n (bsc#1083548).\n - net: ena: fix wrong max Tx/Rx queues on ethtool (bsc#1083548).\n - net: ena: improve ENA driver boot time (bsc#1083548).\n - net: ena: increase ena driver version to 1.3.0 (bsc#1083548).\n - net: ena: increase ena driver version to 1.5.0 (bsc#1083548).\n - net: ena: reduce the severity of some printouts (bsc#1083548).\n - net: ena: remove legacy suspend suspend/resume support (bsc#1083548).\n - net: ena: Remove redundant unlikely() (bsc#1083548).\n - net: ena: unmask MSI-X only after device initialization is completed\n (bsc#1083548).\n - net: ethernet: cavium: Correct Cavium Thunderx NIC driver names\n accordingly to module name (bsc#1085011).\n - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit\n (bnc#1012382).\n - net: ethtool: Add back transceiver type (bsc#1085050).\n - net: ethtool: remove error check for legacy setting transceiver type\n (bsc#1085050).\n - net: fec: fix multicast filtering hardware setup (bnc#1012382).\n - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382).\n - netfilter: do not track fragmented packets (bnc#1012382).\n - netfilter: drop outermost socket lock in getsockopt() (bnc#1012382).\n - netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets\n (bsc#1085107).\n - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).\n - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in\n clusterip_tg_check() (bnc#1012382).\n - netfilter: ipvs: avoid unused variable warnings (bnc#1012382).\n - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382).\n - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382).\n - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134).\n - netfilter: 
nfnl_cthelper: fix a race when walk the nf_ct_helper_hash\n table (bnc#1012382).\n - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).\n - netfilter: nfnl_cthelper: fix runtime expectation policy updates\n (bnc#1012382).\n - netfilter: nf_queue: Make the queue_handler pernet (bnc#1012382).\n - netfilter: nf_tables: fix a wrong check to skip the inactive rules\n (bsc#1042286).\n - netfilter: nf_tables: fix inconsistent element expiration calculation\n (bsc#1042286).\n - netfilter: nf_tables: fix *leak* when expr clone fail (bsc#1042286).\n - netfilter: nf_tables: fix race when create new element in dynset\n (bsc#1042286).\n - netfilter: on sockopt() acquire sock lock only in the required scope\n (bnc#1012382).\n - netfilter: tee: select NF_DUP_IPV6 unconditionally (bsc#1042286).\n - netfilter: x_tables: avoid out-of-bounds reads in\n xt_request_find_{match|target} (bnc#1012382).\n - netfilter: x_tables: fix int overflow in xt_alloc_table_info()\n (bnc#1012382).\n - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert\n (bnc#1012382).\n - netfilter: xt_socket: fix transparent match for IPv6 request sockets\n (bsc#1042286).\n - net: Fix double free and memory corruption in get_net_ns_by_id()\n (bnc#1012382).\n - net: gianfar_ptp: move set_fipers() to spinlock protecting area\n (bnc#1012382).\n - net: hns: add ACPI mode support for ethtool -p (bsc#1084041).\n - net: hp100: remove unnecessary #ifdefs (bnc#1012382).\n - net: igmp: add a missing rcu locking section (bnc#1012382).\n - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382).\n - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382).\n - net: initialize msg.msg_flags in recvfrom (bnc#1012382).\n - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382).\n - net/ipv4: Introduce IPSKB_FRAG_SEGS bit to inet_skb_parm.flags\n (bsc#1042286).\n - netlink: fix nla_put_{u8,u16,u32} for KASAN (bnc#1012382).\n - net/mac80211/debugfs.c: prevent build failure with 
CONFIG_UBSAN=y\n (bnc#1012382).\n - net/mlx5: Avoid NULL pointer dereference on steering cleanup\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Cleanup IRQs in case of unload failure (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Add refcount to VXLAN structure (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Fix features check of IPv6 traffic (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare\n (bsc#1015342).\n - net/mlx5e: Fix loopback self test when GRO is off (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5e: Fix possible deadlock of VXLAN lock (bsc#966170 FATE#320225\n bsc#966172 FATE#320226).\n - net/mlx5e: Fix wrong delay calculation for overflow check scheduling\n (bsc#966170 FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5e: Prevent possible races in VXLAN control flow (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5e: Verify inline header size do not exceed SKB linear size\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Fix rate limit packet pacing naming and struct (bsc#1015342\n FATE#321688 bsc#1015343 FATE#321689).\n - net/mlx5: Stay in polling mode when command EQ destroy fails (bsc#966170\n FATE#320225 bsc#966172 FATE#320226).\n - net/mlx5: Use 128B cacheline size for 128B or larger cachelines\n (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).\n - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382).\n - net: mvneta: clear interface link status on port disable (bnc#1012382).\n - net: mvneta: eliminate wrong call to handle rx descriptor error\n (fate#319899).\n - net: mvneta: use proper rxq_number in loop on rx queues (fate#319899).\n - net/packet: fix a race in packet_bind() and packet_notifier()\n (bnc#1012382).\n - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382).\n - net: phy: Keep reporting transceiver type (bsc#1085050).\n - 
net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg\n workaround (bnc#1012382).\n - net: qdisc_pkt_len_init() should be more robust (bnc#1012382).\n - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382).\n - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4\n (bnc#1012382).\n - net: reevalulate autoflowlabel setting after sysctl setting\n (bnc#1012382).\n - net: replace dst_cache ip6_tunnel implementation with the generic one\n (bnc#1012382).\n - net: Resend IGMP memberships upon peer notification (bnc#1012382).\n - net_sched: red: Avoid devision by zero (bnc#1012382).\n - net_sched: red: Avoid illegal values (bnc#1012382).\n - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382).\n - net/smc: fix NULL pointer dereference on sock_create_kern() error path\n (bsc#1082979).\n - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382).\n - net: systemport: Pad packet before inserting TSB (bnc#1012382).\n - net: systemport: Utilize skb_put_padto() (bnc#1012382).\n - net: tcp: close sock if net namespace is exiting (bnc#1012382).\n - netvsc: allow controlling send/recv buffer size (fate#315887,\n bsc#1082632).\n - netvsc: allow driver to be removed even if VF is present (fate#315887,\n bsc#1082632).\n - netvsc: check error return when restoring channels and mtu (fate#315887,\n bsc#1082632).\n - netvsc: cleanup datapath switch (fate#315887, bsc#1082632).\n - netvsc: do not signal host twice if empty (fate#315887, bsc#1082632).\n - netvsc: fix deadlock betwen link status and removal (fate#315887,\n bsc#1082632).\n - netvsc: increase default receive buffer size (fate#315887, bsc#1082632).\n - netvsc: keep track of some non-fatal overload conditions (fate#315887,\n bsc#1082632).\n - netvsc: no need to allocate send/receive on numa node (fate#315887,\n bsc#1082632).\n - netvsc: propagate MAC address change to VF slave (fate#315887,\n bsc#1082632).\n - netvsc: remove unnecessary cast of void pointer (fate#315887,\n 
bsc#1082632).\n - netvsc: remove unnecessary check for NULL hdr (fate#315887, bsc#1082632).\n - netvsc: whitespace cleanup (fate#315887, bsc#1082632).\n - net: vxlan: lwt: Fix vxlan local traffic (bsc#1042286).\n - net: vxlan: lwt: Use source ip address during route lookup (bsc#1042286).\n - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382).\n - nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).\n - nfs: commit direct writes even if they fail partially (bnc#1012382).\n - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382).\n - nfsd: check for use of the closed special stateid (bnc#1012382).\n - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)\n (bnc#1012382).\n - nfsd: Ensure we check stateid validity in the seqid operation checks\n (bnc#1012382).\n - NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382).\n - NFSD: fix nfsd_reset_versions for NFSv4 (bnc#1012382).\n - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (git-fixes).\n - nfs: Do not take a reference on fl->fl_file for LOCK operation\n (bnc#1012382).\n - nfs: fix a deadlock in nfs client initialization (bsc#1074198).\n - NFS: Fix a typo in nfs_rename() (bnc#1012382).\n - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds\n (bnc#1012382).\n - nfs: reject request for id_legacy key without auxdata (bnc#1012382).\n - nfs: Trunking detection should handle ERESTARTSYS/EINTR (bsc#1074198).\n - NFSv4.1 respect server's max size in CREATE_SESSION (bnc#1012382).\n - NFSv4: Fix client recovery when server reboots multiple times\n (bnc#1012382).\n - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()\n (bnc#1012382).\n - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)\n (bnc#1012382).\n - nvme_fc: cleanup io completion (bsc#1079609).\n - nvme_fc: correct abort race condition on resets (bsc#1079609).\n - nvme_fc: correct hang in nvme_ns_remove() (bsc#1075811).\n - nvme_fc: fix abort race on 
teardown with lld reject (bsc#1083750).\n - nvme_fc: fix ctrl create failures racing with workq items (bsc#1076982).\n - nvme_fc: fix rogue admin cmds stalling teardown (bsc#1075811).\n - nvme_fc: io timeout should defer abort to ctrl reset (bsc#1085054).\n - nvme-fc: kick admin requeue list on disconnect (bsc#1077241).\n - nvme-fc: merge error on sles12sp3 for reset_work (bsc#1079195).\n - nvme_fc: minor fixes on sqsize (bsc#1076760).\n - nvme_fc: on remoteport reuse, set new nport_id and role (bsc#1076760).\n - nvme_fc: rework sqsize handling (bsc#1076760).\n - nvme: Fix managing degraded controllers (bnc#1012382).\n - nvme: Fix setting logical block format when revalidating (bsc#1079313).\n - nvme: only start KATO if the controller is live (bsc#1083387).\n - nvme-pci: clean up CMB initialization (bsc#1082979).\n - nvme-pci: clean up SMBSZ bit definitions (bsc#1082979).\n - nvme-pci: consistencly use ctrl->device for logging (bsc#1082979).\n - nvme-pci: fix typos in comments (bsc#1082979).\n - nvme-pci: Remap CMB SQ entries on every controller reset (bsc#1082979).\n - nvme-pci: Remove watchdog timer (bsc#1066163).\n - nvme-pci: Use PCI bus address for data/queues in CMB (bsc#1082979).\n - nvme: Quirks for PM1725 controllers (bsc#1082979).\n - nvme_rdma: clear NVME_RDMA_Q_LIVE bit if reconnect fails (bsc#1083770).\n - nvme-rdma: fix concurrent reset and reconnect (bsc#1082979).\n - nvme: remove nvme_revalidate_ns (bsc#1079313).\n - ocfs2: return error when we attempt to access a dirty bh in jbd2\n (bsc#1070404).\n - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382).\n - openvswitch: fix the incorrect flow action alloc size (bnc#1012382).\n - ovl: fix failure to fsync lower dir (bnc#1012382).\n - ovs/geneve: fix rtnl notifications on iface deletion (bsc#1042286).\n - ovs/gre: fix rtnl notifications on iface deletion (bsc#1042286).\n - ovs/gre,geneve: fix error path when creating an iface (bsc#1042286).\n - ovs/vxlan: fix rtnl notifications on iface 
deletion (bsc#1042286).\n - packet: fix crash in fanout_demux_rollover() (bnc#1012382).\n - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel\n (bnc#1012382).\n - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382).\n - partially revert tipc improve link resiliency when rps is activated\n (bsc#1068038).\n - PCI/AER: Report non-fatal errors only to the affected endpoint\n (bnc#1012382).\n - pci/ASPM: Do not retrain link if ASPM not possible (bnc#1071892).\n - PCI: Avoid bus reset if bridge itself is broken (bnc#1012382).\n - PCI: Create SR-IOV virtfn/physfn links before attaching driver\n (bnc#1012382).\n - PCI: Detach driver before procfs & sysfs teardown on device remove\n (bnc#1012382).\n - pci: hv: Do not sleep in compose_msi_msg() (fate#315887, bsc#1082632).\n - pci: keystone: Fix interrupt-controller-node lookup (bnc#1012382).\n - pci/MSI: Fix msi_desc->affinity memory leak when freeing MSI IRQs\n (bsc#1082979).\n - PCI/PME: Handle invalid data when reading Root Status (bnc#1012382).\n - PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382).\n - perf bench numa: Fixup discontiguous/sparse numa nodes (bnc#1012382).\n - perf symbols: Fix symbols__fixup_end heuristic for corner cases\n (bnc#1012382).\n - perf test attr: Fix ignored test case result (bnc#1012382).\n - perf top: Fix window dimensions change handling (bnc#1012382).\n - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning\n (bnc#1012382).\n - phy: work around 'phys' references to usb-nop-xceiv devices\n (bnc#1012382).\n - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).\n - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382).\n - pinctrl: sunxi: Fix A80 interrupt pin bank (bnc#1012382).\n - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382).\n - pktcdvd: Fix pkt_setup_dev() error path (bnc#1012382).\n - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning\n (bnc#1012382).\n - pm 
/ devfreq: Propagate error from devfreq_add_device() (bnc#1012382).\n - pm / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1031717).\n - posix-timer: Properly check sigevent->sigev_notify (bnc#1012382).\n - power: bq27xxx_battery: mark some symbols __maybe_unused (bnc#1012382).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64: Fix flush_(d|i)cache_range() called from modules\n (FATE#315275 LTC#103998 bnc#1012382 bnc#863764).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR\n (bnc#1012382).\n - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032,\n bsc#1075087).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1075087).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1075087).\n - powerpc: Do not preempt_disable() in show_cpuinfo() (bsc#1066223).\n - powerpc/ipic: Fix status get and status clear (bnc#1012382).\n - powerpc/numa: Ensure nodes initialized for hotplug (FATE#322022,\n bsc#1081514).\n - powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove\n (bsc#1081512).\n - powerpc/numa: Use ibm,max-associativity-domains to discover possible\n nodes (FATE#322022, bsc#1081514).\n - powerpc/perf: 
Dereference BHRB entries safely (bsc#1066223).\n - powerpc/perf: Fix oops when grouping different pmu events (bnc#1012382).\n - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382).\n - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo\n (bnc#1012382).\n - powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers\n (bsc#1066223).\n - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested\n (bnc#1012382).\n - powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h\n (bsc#1066223).\n - powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Fix cpu hotplug crash with memoryless nodes\n (FATE#322022, bsc#1081514).\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1075087).\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075087).\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075087).\n - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032,\n bsc#1075087).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1075087).\n - powerpc/rfi-flush: prevent crash when changing flush type to fallback\n after system boot (bsc#1068032, bsc#1075087).\n - powerpc: Simplify module TOC handling (bnc#1012382).\n - power: reset: zx-reboot: add missing 
MODULE_DESCRIPTION/AUTHOR/LICENSE\n (bnc#1012382).\n - ppp: Destroy the mutex when cleanup (bnc#1012382).\n - pppoe: take ->needed_headroom of lower device into account on xmit\n (bnc#1012382).\n - profile: hide unused functions when !CONFIG_PROC_FS (bnc#1012382).\n - Provide a function to create a NUL-terminated string from unterminated\n data (bnc#1012382).\n - pwc: hide unused label (bnc#1012382).\n - qla2xxx: Add changes for devloss timeout in driver (bsc#1084427).\n - qla2xxx: Add FC-NVMe abort processing (bsc#1084427).\n - qla2xxx: asynchronous pci probing (bsc#1034503).\n - qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427).\n - qla2xxx: Convert QLA_TGT_ABTS to TARGET_SCF_LOOKUP_LUN_FROM_TAG\n (bsc#1043726,FATE#324770).\n - qla2xxx: do not check login_state if no loop id is assigned\n (bsc#1081681).\n - qla2xxx: ensure async flags are reset correctly (bsc#1081681).\n - qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427).\n - qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427).\n - qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2)\n (bsc#1043726,FATE#324770).\n - qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084427).\n - qla2xxx: Fix NVMe entry_type for iocb packet on BE system\n (bsc#1043726,FATE#324770).\n - qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427).\n - qla2xxx: Fixup locking for session deletion (bsc#1081681).\n - qla2xxx: Remove nvme_done_list (bsc#1084427).\n - qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe\n (bsc#1084427).\n - qla2xxx: remove use of FC-specific error codes (bsc#1043726,FATE#324770).\n - qla2xxx: Restore ZIO threshold setting (bsc#1084427).\n - qla2xxx: Return busy if rport going away (bsc#1084427).\n - qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote()\n (bsc#1084427).\n - qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427).\n - qlcnic: fix deadlock bug (bnc#1012382).\n - r8152: fix the 
list rx_done may be used without initialization\n (bnc#1012382).\n - r8152: prevent the driver from transmitting packets with carrier off\n (bnc#1012382).\n - r8169: fix memory corruption on retrieval of hardware statistics\n (bnc#1012382).\n - r8169: fix RTL8168EP take too long to complete driver initialization\n (bnc#1012382).\n - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382).\n - ravb: Remove Rx overflow log messages (bnc#1012382).\n - rbd: set max_segments to USHRT_MAX (bnc#1012382).\n - RDMA/cma: Avoid triggering undefined behavior (bnc#1012382).\n - rdma/cma: Make sure that PSN is not over max allowed (bnc#1012382).\n - RDMA/i40iw: Remove MSS change support (bsc#1024376 FATE#321249).\n - rdma/uverbs: Protect from command mask overflow (bsc#1082979).\n - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382).\n - RDS: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382).\n - RDS: null pointer dereference in rds_atomic_free_op (bnc#1012382).\n - regulator: core: Rely on regulator_dev_release to free constraints\n (bsc#1074847).\n - regulator: da9063: Return an error code on probe failure (bsc#1074847).\n - regulator: pwm: Fix regulator ramp delay for continuous mode\n (bsc#1074847).\n - regulator: Try to resolve regulators supplies on registration\n (bsc#1074847).\n - reiserfs: avoid a -Wmaybe-uninitialized warning (bnc#1012382).\n - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"\n (bnc#1012382).\n - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" (bnc#1012382).\n - Revert "drm/armada: Fix compile fail" (bnc#1012382).\n - Revert "Enable DEBUG_RFI"\n - Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi).\n - Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi).\n - Revert "module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi).\n - Revert "module: Add retpoline tag to VERMAGIC" (kabi).\n - Revert "net: replace dst_cache ip6_tunnel implementation with the\n 
generic one" (kabi bnc#1082897).\n - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"\n (bnc#1012382).\n - Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"\n (bnc#1012382).\n - Revert "s390/kbuild: enable modversions for symbols exported from asm"\n (bnc#1012382).\n - Revert "sched/deadline: Use the revised wakeup rule for suspending\n constrained dl tasks" (kabi).\n - Revert "scsi: libsas: align sata_device's rps_resp on a cacheline"\n (kabi).\n - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382).\n - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"\n (bnc#1012382).\n - Revert "x86/efi: Build our own page table structures" (bnc#1012382).\n - Revert "x86/efi: Hoist page table switching code into efi_call_virt()"\n (bnc#1012382).\n - Revert "x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0"\n - Revert "x86/entry/64: Use a per-CPU trampoline stack for IDT entries"\n - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"\n (bnc#1012382).\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087).\n - rfi-flush: Move the logic to avoid a redo into the debugfs code\n (bsc#1068032, bsc#1075087).\n - rfi-flush: Switch to new linear fallback flush (bsc#1068032,\n bsc#1075087).\n - rhashtable: add rhashtable_lookup_get_insert_key() (bsc#1042286).\n - ring-buffer: Mask out the info bits when returning buffer page length\n (bnc#1012382).\n - route: also update fnhe_genid when updating a route cache (bnc#1012382).\n - route: update fnhe_expires for redirect when the fnhe exists\n (bnc#1012382).\n - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592).\n - rtc-opal: Fix handling of firmware error codes, prevent busy loops\n (bnc#1012382).\n - rtc: pcf8563: fix output clock rate (bnc#1012382).\n - rtc: pl031: make interrupt optional (bnc#1012382).\n - rtc: set the alarm to the next expiring timer (bnc#1012382).\n - rtlwifi: fix gcc-6 
indentation warning (bnc#1012382).\n - rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012382).\n - s390: add no-execute support (FATE#324087, LTC#158827).\n - s390: always save and restore all registers on context switch\n (bnc#1012382).\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847,\n LTC#163740).\n - s390/dasd: fix handling of internal requests (bsc#1080321).\n - s390/dasd: fix wrongly assigned configuration data (bnc#1012382).\n - s390/dasd: prevent prefix I/O error (bnc#1012382).\n - s390: fix compat system call table (bnc#1012382).\n - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012382).\n - s390: hypfs: Move diag implementation and data definitions (FATE#324070,\n LTC#158959).\n - s390: kvm: Cpu model support for msa6, msa7 and msa8 (FATE#324069,\n LTC#159031).\n - s390: Make cpc_name accessible (FATE#324070, LTC#158959).\n - s390: Make diag224 public (FATE#324070, LTC#158959).\n - s390/mem_detect: use unsigned longs (FATE#324071, LTC#158956).\n - s390/mm: align swapper_pg_dir to 16k (FATE#324087, LTC#158827).\n - s390/mm: always use PAGE_KERNEL when mapping pages (FATE#324087,\n LTC#158827).\n - s390/noexec: execute kexec datamover without DAT (FATE#324087,\n LTC#158827).\n - s390/oprofile: fix address range for asynchronous stack (bsc#1082979).\n - s390/pageattr: allow kernel page table splitting (FATE#324087,\n LTC#158827).\n - s390/pageattr: avoid unnecessary page table splitting (FATE#324087,\n LTC#158827).\n - s390/pageattr: handle numpages parameter correctly (FATE#324087,\n LTC#158827).\n - s390/pci_dma: improve lazy flush for unmap (bnc#1079886, LTC#163393).\n - s390/pci_dma: improve map_sg (bnc#1079886, LTC#163393).\n - s390/pci_dma: make lazy flush independent from the tlb_refresh bit\n (bnc#1079886, LTC#163393).\n - s390/pci_dma: remove dma address range check (bnc#1079886, LTC#163393).\n - s390/pci_dma: simplify dma address calculation (bnc#1079886, LTC#163393).\n - s390/pci_dma: split 
dma_update_trans (bnc#1079886, LTC#163393).\n - s390/pci: do not require AIS facility (bnc#1012382).\n - s390/pci: fix dma address calculation in map_sg (bnc#1079886,\n LTC#163393).\n - s390/pci: handle insufficient resources during dma tlb flush\n (bnc#1079886, LTC#163393).\n - s390/pgtable: introduce and use generic csp inline asm (FATE#324087,\n LTC#158827).\n - s390/pgtable: make pmd and pud helper functions available (FATE#324087,\n LTC#158827).\n - s390/qeth: fix underestimated count of buffer elements (bnc#1082089,\n LTC#164529).\n - s390/qeth: no ETH header for outbound AF_IUCV (LTC#156276 bnc#1012382\n bnc#1053472).\n - s390: report new vector facilities (FATE#324088, LTC#158828).\n - s390/runtime instrumentation: simplify task exit handling (bnc#1012382).\n - s390/sclp: Add hmfai field (FATE#324071, LTC#158956).\n - s390/vmem: align segment and region tables to 16k (FATE#324087,\n LTC#158827).\n - s390/vmem: introduce and use SEGMENT_KERNEL and REGION3_KERNEL\n (FATE#324087, LTC#158827).\n - s390/vmem: simplify vmem code for read-only mappings (FATE#324087,\n LTC#158827).\n - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382).\n - sched/deadline: Make sure the replenishment timer fires in the next\n period (bnc#1012382).\n - sched/deadline: Throttle a constrained deadline task activated after the\n deadline (bnc#1012382).\n - sched/deadline: Use deadline instead of period when calculating overflow\n (bnc#1012382).\n - sched/deadline: Use the revised wakeup rule for suspending constrained\n dl tasks (bnc#1012382).\n - sched/deadline: Zero out positive runtime after throttling constrained\n tasks (git-fixes).\n - sched/rt: Up the root domain ref count when passing it around via IPIs\n (bnc#1012382).\n - sched/rt: Use container_of() to get root domain in\n rto_push_irq_work_func() (bnc#1012382).\n - scripts/kernel-doc: Do not fail with status != 0 if error encountered\n with -none (bnc#1012382).\n - scsi: aacraid: Fix hang in kdump (bsc#1022607, 
FATE#321673).\n - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH\n path (bnc#1012382).\n - scsi: advansys: fix build warning for PCI=n (bnc#1012382).\n - scsi: advansys: fix uninitialized data access (bnc#1012382).\n - scsi: bfa: integer overflow in debugfs (bnc#1012382).\n - scsi: cxgb4i: fix Tx skb leak (bnc#1012382).\n - scsi: do not look for NULL devices handlers by name (bsc#1082373).\n - scsi: fas216: fix sense buffer initialization (bsc#1082979).\n - scsi: fdomain: drop fdomain_pci_tbl when built-in (bnc#1012382).\n - scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS (bsc#1069138).\n - scsi: hisi_sas: directly attached disk LED feature for v2 hw\n (bsc#1083409).\n - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading\n (bnc#1012382).\n - scsi: hpsa: destroy sas transport properties before scsi_host\n (bnc#1012382).\n - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info\n (bnc#1012382).\n - scsi: initio: remove duplicate module device table (bnc#1012382\n bsc#1082979).\n - scsi: initio: remove duplicate module device table (bsc#1082979).\n - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382).\n - scsi: libsas: fix error when getting phy events (bsc#1082979).\n - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (bsc#1082979).\n - scsi: lpfc: Add WQ Full Logic for NVME Target (bsc#1080656).\n - scsi: lpfc: Allow set of maximum outstanding SCSI cmd limit for a target\n (bsc#1080656).\n - scsi: lpfc: Beef up stat counters for debug (bsc#1076693).\n - scsi: lpfc: correct debug counters for abort (bsc#1080656).\n - scsi: lpfc: do not dereference localport before it has been null checked\n (bsc#1076693).\n - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function\n (bsc#1082979).\n - scsi: lpfc: fix a couple of minor indentation issues (bsc#1076693).\n - scsi: lpfc: Fix -EOVERFLOW behavior for NVMET and defer_rcv\n (bsc#1076693).\n - scsi: lpfc: Fix header inclusion in 
lpfc_nvmet (bsc#1080656).\n - scsi: lpfc: Fix infinite wait when driver unregisters a remote NVME port\n (bsc#1076693).\n - scsi: lpfc: Fix IO failure during hba reset testing with nvme io\n (bsc#1080656).\n - scsi: lpfc: Fix issue_lip if link is disabled (bsc#1080656).\n - scsi: lpfc: Fix issues connecting with nvme initiator (bsc#1076693).\n - scsi: lpfc: Fix nonrecovery of NVME controller after cable swap\n (bsc#1080656).\n - scsi: lpfc: Fix PRLI handling when topology type changes (bsc#1080656).\n - scsi: lpfc: Fix receive PRLI handling (bsc#1076693).\n - scsi: lpfc: Fix RQ empty firmware trap (bsc#1080656).\n - scsi: lpfc: Fix SCSI io host reset causing kernel crash (bsc#1080656).\n - scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled\n (bsc#1076693).\n - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing\n (bsc#1080656).\n - scsi: lpfc: Increase CQ and WQ sizes for SCSI (bsc#1080656).\n - scsi: lpfc: Increase SCSI CQ and WQ sizes (bsc#1076693).\n - scsi: lpfc: Indicate CONF support in NVMe PRLI (bsc#1080656).\n - scsi: lpfc: move placement of target destroy on driver detach\n (bsc#1080656).\n - scsi: lpfc: Treat SCSI Write operation Underruns as an error\n (bsc#1080656).\n - scsi: lpfc: Update 11.4.0.7 modified files for 2018 Copyright\n (bsc#1080656).\n - scsi: lpfc: update driver version to 11.4.0.6 (bsc#1076693).\n - scsi: lpfc: update driver version to 11.4.0.7 (bsc#1080656).\n - scsi: lpfc: Use after free in lpfc_rq_buf_free() (bsc#1037838).\n - scsi: lpfc: Validate adapter support for SRIU option (bsc#1080656).\n - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1\n volume created on two SATA drive (bnc#1012382).\n - scsi: mvumi: use __maybe_unused to hide pm functions (bnc#1012382).\n - scsi: qla2xxx: Ability to process multiple SGEs in Command SGL for CT\n passthrough commands (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Accelerate SCSI BUSY status generation in target mode\n 
(bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Add ability to autodetect SFP type\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add ability to send PRLO (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add ability to use GPNFT/GNNFT for RSCN handling\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add ATIO-Q processing for INTx mode\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add boundary checks for exchanges to be offloaded\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add command completion for error path\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add debug knob for user control workload\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Add debug logging routine for qpair\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Added change to enable ZIO for FC-NVMe devices\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add FC-NVMe command handling (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add FC-NVMe F/W initialization and transport registration\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add FC-NVMe port discovery and PRLI handling\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add function call to qpair for door bell\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Add fw_started flags to qpair (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Add lock protection around host lookup\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add LR distance support from nvram bit\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: add missing includes for qla_isr\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add option for use reserve exch for ELS\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add ql2xiniexchg parameter (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Add retry limit for fabric scan logic\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add support for minimum link speed\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add switch command to simplify fabric discovery\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add timeout ability to 
wait_for_sess_deletion()\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Add XCB counters to debugfs (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Allow ABTS, PURX, RIDA on ATIOQ for ISP83XX/27XX\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Allow MBC_GET_PORT_DATABASE to query and save the port\n states (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Allow relogin and session creation after reset\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Allow SNS fabric login to be retried\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Allow target mode to accept PRLI in dual mode\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: avoid unused-function warning (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Change ha->wq max_active value to default\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Changes to support N2N logins (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Chip reset uses wrong lock during IO flush\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Cleanup FC-NVMe code (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Cleanup NPIV host in target mode during config teardown\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Clear fc4f_nvme flag (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Clear loop id after delete (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Combine Active command arrays (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Convert 32-bit LUN usage to 64-bit\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Defer processing of GS IOCB calls\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Delay loop id allocation at login\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Do not call abort handler function during chip reset\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Do not call dma_free_coherent with IRQ disabled\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: do not include <generated/utsrelease.h>\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Enable Async TMF processing (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Enable ATIO interrupt handshake for ISP27XX\n 
(bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Enable Target Multi Queue (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Fix abort command deadlock due to spinlock (FATE#320146,\n bsc#966328).\n - scsi: qla2xxx: fix a bunch of typos and spelling mistakes\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix a locking imbalance in qlt_24xx_handle_els()\n (bsc#1082979).\n - scsi: qla2xxx: Fix compile warning (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Fix FC-NVMe LUN discovery (bsc#1083223).\n - scsi: qla2xxx: Fix Firmware dump size for Extended login and Exchange\n Offload (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix GPNFT/GNNFT error handling (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix gpnid error processing (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix incorrect handle for abort IOCB (bsc#1082979).\n - scsi: qla2xxx: Fix login state machine freeze (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix login state machine stuck at GPDB\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix logo flag for qlt_free_session_done()\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix mailbox failure while deleting Queue pairs\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Fix memory leak in dual/target mode\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix NPIV host cleanup in target mode\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix NPIV host enable after chip reset\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix NULL pointer access for fcport structure\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS\n (bsc#1082979).\n - scsi: qla2xxx: Fix NULL pointer crash due to probe failure\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix oops in qla2x00_probe_one error path\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix PRLI state check (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix queue ID for async abort with Multiqueue\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix recursion while sending 
terminate exchange\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix Relogin being triggered too fast\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix re-login for Nport Handle in use\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix remoteport disconnect for FC-NVMe\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix scan state field for fcport (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix session cleanup for N2N (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix slow mem alloc behind lock (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: fix spelling mistake of variable sfp_additonal_info\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix system crash for Notify ack timeout handling\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix system crash while triggering FW dump\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix system panic due to pointer access problem\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix target multiqueue configuration\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix task mgmt handling for NPIV (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix warning during port_name debug print\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix warning for code intentation in\n __qla24xx_handle_gpdb_event() (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout()\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Fix WWPN/WWNN in debug message (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Handle PCIe error for driver (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Include Exchange offload/Extended Login into FW dump\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Increase ql2xmaxqdepth to 64 (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Increase verbosity of debug messages logged\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: 
Migrate switch registration commands away from mailbox\n interface (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: move fields from qla_hw_data to qla_qpair\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Move function prototype to correct header\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Move logging default mask to execute once only\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Move session delete to driver work queue\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Move target stat counters from vha to qpair\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Move work element processing out of DPC thread\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Off by one in qlt_ctio_to_cmd() (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Preparation for Target MQ (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Prevent multiple active discovery commands per session\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Prevent relogin trigger from sending too many commands\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Prevent sp->free null/uninitialized pointer dereference\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Print correct mailbox registers in failed summary\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Properly extract ADISC error codes\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Protect access to qpair members with qpair->qp_lock\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Query FC4 type during RSCN processing\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Recheck session state after RSCN (bsc#1043726,FATE#324770)\n - scsi: qla2xxx: Reduce the use of terminate exchange\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Reduce trace noise for Async Events\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Reinstate module parameter ql2xenablemsix\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Relogin to target port on a cable swap\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout\n (FATE#320146, 
bsc#966328).\n - scsi: qla2xxx: Remove an unused structure member\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Remove datasegs_per_cmd and datasegs_per_cont field\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Remove extra register read (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Remove extra register read (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Remove FC_NO_LOOP_ID for FCP and FC-NVMe Discovery\n (bsc#1084397).\n - scsi: qla2xxx: Remove potential macro parameter side-effect in\n ql_dump_regs() (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: remove redundant assignment of d\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: remove redundant null check on tgt\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Remove redundant wait when target is stopped\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Remove session creation redundant code\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Remove unused argument from\n qlt_schedule_sess_for_deletion() (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Remove unused irq_cmd_count field\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Remove unused tgt_enable_64bit_addr flag\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: remove writeq/readq function definitions\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Replace GPDB with async ADISC command\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Reset the logo flag, after target re-login\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Retry switch command on time out\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Send FC4 type NVMe to the management server\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Serialize GPNID for multiple RSCN\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Serialize session deletion by using work_lock\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Serialize session free in qlt_free_session_done\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Simpify 
unregistration of FC-NVMe local/remote ports\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Skip IRQ affinity for Target QPairs\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Skip zero queue count entry during FW dump capture\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair()\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Tweak resource count dump (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Update Driver version to 10.00.00.00-k\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Update driver version to 10.00.00.01-k\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Update driver version to 10.00.00.02-k\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Update driver version to 10.00.00.03-k\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Update driver version to 10.00.00.04-k\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Update driver version to 10.00.00.05-k (bsc#1081681).\n - scsi: qla2xxx: Update driver version to 9.01.00.00-k\n (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Update fw_started flags at qpair creation\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Use BIT_6 to acquire FAWWPN from switch\n (bsc#1043726,FATE#324770)\n - scsi: qla2xxx: Use chip reset to bring down laser on unload\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: use dma_mapping_error to check map errors\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Use FC-NVMe FC4 type for FDMI registration\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Use IOCB path to submit Control VP MBX command\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Use known NPort ID for Management Server login\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Use ql2xnvmeenable to enable Q-Pair for FC-NVMe\n (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: use shadow register for ISP27XX (bsc#1043725,FATE#324770).\n - scsi: qla2xxx: Use shadow register for ISP27XX (bsc#1043726,FATE#324770).\n - scsi: qla2xxx: Use sp->free instead of hard coded call\n 
(bsc#1043726,FATE#324770).\n - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382).\n - scsi: sd: change manage_start_stop to bool in sysfs interface\n (bnc#1012382).\n - scsi: ses: do not get power status of SES device slot on probe\n (bsc#1082979).\n - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382).\n - scsi: sim710: fix build warning (bnc#1012382).\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813).\n - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error\n (bnc#1012382).\n - scsi: storvsc: remove unnecessary channel inbound lock (fate#315887,\n bsc#1082632).\n - scsi: sun_esp: fix device reference leaks (bsc#1082979).\n - scsi: tcm_qla2xxx: Do not allow aborted cmd to advance\n (bsc#1043725,FATE#324770).\n - scsi: ufs: ufshcd: fix potential NULL pointer dereference in\n ufshcd_config_vreg (bnc#1012382).\n - sctp: do not allow the v4 socket to bind a v4mapped v6 address\n (bnc#1012382).\n - sctp: do not free asoc when it is already dead in sctp_sendmsg\n (bnc#1012382).\n - sctp: make use of pre-calculated len (bnc#1012382).\n - sctp: Replace use of sockets_allocated with specified macro\n (bnc#1012382).\n - sctp: return error if the asoc has been peeled off in\n sctp_wait_for_sndbuf (bnc#1012382).\n - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382).\n - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382).\n - selftests/x86: Add test_vsyscall (bnc#1012382).\n - selftests/x86/ldt_get: Add a few additional tests for limits\n (bnc#1012382).\n - selinux: ensure the context is NUL terminated in\n security_context_to_sid_core() (bnc#1012382).\n - selinux: general protection fault in sock_has_perm (bnc#1012382).\n - selinux: skip bounded transition processing if the policy isn't loaded\n (bnc#1012382).\n - serial: 8250_mid: fix broken DMA dependency (bnc#1012382).\n - serial: 8250_pci: Add Amazon PCI 
serial device ID (bnc#1012382).\n - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382).\n - serial: 8250_uniphier: fix error return code in uniphier_uart_probe()\n (bsc#1031717).\n - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS\n (bnc#1012382).\n - series.conf: disable qla2xxx patches (bsc#1043725)\n - series.conf: move core networking (including netfilter) into sorted\n section\n - series.conf: refresh Ran series_sort.py (no effect on expanded tree).\n - series.conf: whitespace cleanup\n - Set supported_modules_check 1 (bsc#1072163).\n - sfc: do not warn on successful change of MAC (bnc#1012382).\n - sget(): handle failures of register_shrinker() (bnc#1012382).\n - sh_eth: fix SH7757 GEther initialization (bnc#1012382).\n - sh_eth: fix TSU resource handling (bnc#1012382).\n - signal/openrisc: Fix do_unaligned_access to send the proper signal\n (bnc#1012382).\n - signal/sh: Ensure si_signo is initialized in do_divide_error\n (bnc#1012382).\n - sit: update frag_off info (bnc#1012382).\n - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382).\n - SolutionEngine771x: fix Ether platform data (bnc#1012382).\n - sparc64/mm: set fields in deferred pages (bnc#1012382).\n - spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bnc#1012382).\n - spi: imx: do not access registers while clocks disabled (bnc#1012382).\n - spi_ks8995: fix "BUG: key accdaa28 not in .data!" 
(bnc#1012382).\n - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382).\n - spi: sun4i: disable clocks in the remove function (bnc#1012382).\n - spi: xilinx: Detect stall with Unknown commands (bnc#1012382).\n - ssb: mark ssb_bus_register as __maybe_unused (bnc#1012382).\n - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl\n (bnc#1012382).\n - staging: android: ashmem: Fix a race condition in pin ioctls\n (bnc#1012382).\n - staging: iio: adc: ad7192: fix external frequency setting (bnc#1012382).\n - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID (bnc#1012382).\n - staging: ste_rmi4: avoid unused function warnings (bnc#1012382).\n - staging: unisys: visorinput depends on INPUT (bnc#1012382).\n - staging: wilc1000: fix kbuild test robot error (bnc#1012382).\n - sunrpc: Allow connect to return EHOSTUNREACH (bnc#1012382).\n - sunrpc: Fix rpc_task_begin trace point (bnc#1012382).\n - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - sysrq : fix Show Regs call trace on ARM (bnc#1012382).\n - target: Add support for TMR percpu reference counting\n (bsc#1043726,FATE#324770).\n - target: Add TARGET_SCF_LOOKUP_LUN_FROM_TAG support for ABORT_TASK\n (bsc#1043726,FATE#324770).\n - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK\n (bnc#1012382).\n - target/file: Do not return error for UNMAP if length is zero\n (bnc#1012382).\n - target: fix ALUA transition timeout handling (bnc#1012382).\n - target:fix condition return in core_pr_dump_initiator_port()\n (bnc#1012382).\n - target: fix race during implicit transition work flushes (bnc#1012382).\n - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()\n (bnc#1012382).\n - target: Use system workqueue for ALUA transitions (bnc#1012382).\n - 
tc1100-wmi: fix build warning when CONFIG_PM not enabled (bnc#1012382).\n - tc358743: fix register i2c_rd/wr function fix (git-fixes).\n - tc358743: fix register i2c_rd/wr functions (bnc#1012382).\n - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382).\n - tcp: do not set rtt_min to 1 (bsc#1042286).\n - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382).\n - tcp md5sig: Use skb's saddr when replying to an incoming segment\n (bnc#1012382).\n - tcp: release sk_frag.page in tcp_disconnect (bnc#1012382).\n - tcp: __tcp_hdrlen() helper (bnc#1012382).\n - test_bpf: fix the dummy skb after dissector changes (bsc#1042286).\n - tg3: Add workaround to restrict 5762 MRRS to 2048 (bnc#1012382).\n - tg3: Enable PHY reset in MTU change path for 5720 (bnc#1012382).\n - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382).\n - thermal/drivers/step_wise: Fix temperature regulation misbehavior\n (bnc#1012382).\n - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bnc#1012382).\n - thermal: hisilicon: Handle return value of clk_prepare_enable\n (bnc#1012382).\n - thermal: spear: use __maybe_unused for PM functions (bnc#1012382).\n - tipc: fix cleanup at module unload (bnc#1012382).\n - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382).\n - tipc: improve link resiliency when rps is activated (bsc#1068038).\n - tlan: avoid unused label with PCI=n (bnc#1012382).\n - tools build: Add tools tree support for 'make -s' (bnc#1012382).\n - tpm-dev-common: Reject too short writes (bsc#1020645, git-fixes).\n - tpm: fix potential buffer overruns caused by bit glitches on the bus\n (bsc#1020645, git-fixes).\n - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches\n on the bus (bsc#1020645, git-fixes).\n - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on\n the bus (bsc#1020645, git-fixes).\n - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on\n the bus (bsc#1020645, git-fixes).\n - 
tpm_tis: fix potential buffer overruns caused by bit glitches on the bus\n (bsc#1020645, git-fixes).\n - tracing: Allocate mask_str buffer dynamically (bnc#1012382).\n - tracing: Fix converting enum's from the map in trace_event_eval_update()\n (bnc#1012382).\n - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382).\n - tracing: Fix possible double free on failure of allocating trace buffer\n (bnc#1012382).\n - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382).\n - tty: cyclades: cyz_interrupt is only used for PCI (bnc#1012382).\n - tty fix oops when rmmod 8250 (bnc#1012382).\n - tty: hvc_xen: hide xen_console_remove when unused (bnc#1012382).\n - tty: mxser: Remove ASYNC_CLOSING (bnc#1072363).\n - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382).\n - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382).\n - ubi: block: Fix locking for idr_alloc/idr_remove (bnc#1012382).\n - udf: Avoid overflow when session starts at large offset (bnc#1012382).\n - udp: restore UDPlite many-cast delivery (bsc#1042286).\n - um: link vmlinux with -no-pie (bnc#1012382).\n - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382).\n - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382).\n - usb: build drivers/usb/common/ when USB_SUPPORT is set (bnc#1012382).\n - usb: cdc-acm: Do not log urb submission errors on disconnect\n (bnc#1012382).\n - usb: cdc_subset: only build when one driver is enabled (bnc#1012382).\n - USB: core: Add type-specific length check of BOS descriptors\n (bnc#1012382).\n - USB: core: prevent malicious bNumInterfaces overflow (bnc#1012382).\n - USB: devio: Prevent integer overflow in proc_do_submiturb()\n (bnc#1012382).\n - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bnc#1012382).\n - usb: f_fs: Prevent gadget unbind if it is already unbound (bnc#1012382).\n - USB: Fix off by one in type-specific length check of BOS SSP capability\n (git-fixes).\n - USB: fix usbmon BUG 
trigger (bnc#1012382).\n - usb: gadget: configs: plug memory leak (bnc#1012382).\n - usb: gadget: do not dereference g until after it has been null checked\n (bnc#1012382).\n - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping\n (bnc#1012382).\n - usb: gadget: f_fs: Process all descriptors during bind (bnc#1012382).\n - USB: gadgetfs: Fix a potential memory leak in 'dev_config()'\n (bnc#1012382).\n - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed\n (bnc#1012382).\n - usb: gadget: udc: remove pointer dereference after free (bnc#1012382).\n - usb: gadget: uvc: Missing files for configfs interface (bnc#1012382).\n - usb: hub: Cycle HUB power when initialization fails (bnc#1012382).\n - USB: Increase usbfs transfer limit (bnc#1012382).\n - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file\n (bnc#1012382).\n - usbip: Fix implicit fallthrough warning (bnc#1012382).\n - usbip: Fix potential format overflow in userspace tools (bnc#1012382).\n - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382).\n - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input\n (bnc#1012382).\n - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer\n (bnc#1012382).\n - usbip: fix usbip bind writing random string after command in match_busid\n (bnc#1012382).\n - usbip: keep usbip_device sockfd state in sync with tcp_socket\n (bnc#1012382).\n - usbip: list: do not list devices attached to vhci_hcd (bnc#1012382).\n - usbip: prevent bind loops on devices attached to vhci_hcd (bnc#1012382).\n - usbip: prevent leaking socket pointer address in messages (bnc#1012382).\n - usbip: prevent vhci_hcd driver from leaking a socket pointer address\n (bnc#1012382).\n - usbip: remove kernel addresses from usb device and urb debug msgs\n (bnc#1012382).\n - usbip: stub: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit (bnc#1012382).\n - 
usbip: vhci: stop printing kernel pointer addresses in messages\n (bnc#1012382).\n - usb: ldusb: add PIDs for new CASSY devices supported by this driver\n (bnc#1012382).\n - usb: misc: usb3503: make sure reset is low for at least 100us\n (bnc#1012382).\n - usb: musb: da8xx: fix babble condition handling (bnc#1012382).\n - usb: musb/ux500: remove duplicate check for dma_is_compatible\n (bnc#1012382).\n - usb: ohci: Proper handling of ed_rm_list to handle race condition\n between usb_kill_urb() and finish_unlinks() (bnc#1012382).\n - usb: option: Add support for FS040U modem (bnc#1012382).\n - usb: phy: isp1301: Add OF device ID table (bnc#1012382).\n - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled\n (git-fixes).\n - usb: phy: msm add regulator dependency (bnc#1012382).\n - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382).\n - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub\n (bnc#1012382).\n - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path\n (bnc#1012382).\n - USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ\n (bnc#1012382).\n - USB: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382).\n - USB: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382).\n - usb: serial: io_edgeport: fix possible sleep-in-atomic (bnc#1012382).\n - USB: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382).\n - USB: serial: option: add Quectel BG96 id (bnc#1012382).\n - USB: serial: option: add support for Telit ME910 PID 0x1101\n (bnc#1012382).\n - usb: serial: pl2303: new device id for Chilitag (bnc#1012382).\n - USB: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382).\n - usb: serial: simple: add Motorola Tetra driver (bnc#1012382).\n - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID\n (bnc#1012382).\n - usb: uas: unconditionally bring back host after reset (bnc#1012382).\n - USB: usbfs: Filter flags passed in from user space (bnc#1012382).\n - 
usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382).\n - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382).\n - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382).\n - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382).\n - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382).\n - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER (bnc#1012382).\n - vb2: V4L2_BUF_FLAG_DONE is set after DQBUF (bnc#1012382).\n - vfs: do not do RCU lookup of empty pathnames (bnc#1012382).\n - vhost_net: stop device during reset owner (bnc#1012382).\n - video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012382).\n - video: fbdev: au1200fb: Release some resources if a memory allocation\n fails (bnc#1012382).\n - video: fbdev: au1200fb: Return an error code if a memory allocation\n fails (bnc#1012382).\n - video: fbdev/mmp: add MODULE_LICENSE (bnc#1012382).\n - video: fbdev: sis: remove unused variable (bnc#1012382).\n - video: fbdev: via: remove possibly unused variables (bnc#1012382).\n - video: Use bool instead int pointer for get_opt_bool() argument\n (bnc#1012382).\n - virtio_balloon: prevent uninitialized variable use (bnc#1012382).\n - virtio: release virtio index when fail to device_register (bnc#1012382).\n - vmbus: add per-channel sysfs info (fate#315887, bsc#1082632).\n - vmbus: add prefetch to ring buffer iterator (fate#315887, bsc#1082632).\n - vmbus: do not acquire the mutex in vmbus_hvsock_device_unregister()\n (fate#315887, bsc#1082632).\n - vmbus: drop unused ring_buffer_info elements (fate#315887, bsc#1082632).\n - vmbus: eliminate duplicate cached index (fate#315887, bsc#1082632).\n - vmbus: hvsock: add proper sync for vmbus_hvsock_device_unregister()\n (fate#315887, bsc#1082632).\n - vmbus: initialize reserved fields in messages (fate#315887, bsc#1082632).\n - vmbus: make channel_message table constant (fate#315887, bsc#1082632).\n - vmbus: more host signalling 
avoidance (fate#315887, bsc#1082632).\n - vmbus: refactor hv_signal_on_read (fate#315887, bsc#1082632).\n - vmbus: remove unused vmbus_sendpacket_ctl (fate#315887, bsc#1082632).\n - vmbus: remove unused vmbus_sendpacket_multipagebuffer (fate#315887,\n bsc#1082632).\n - vmbus: remove unused vmubs_sendpacket_pagebuffer_ctl (fate#315887,\n bsc#1082632).\n - vmbus: Reuse uuid_le_to_bin() helper (fate#315887, bsc#1082632).\n - vmbus: simplify hv_ringbuffer_read (fate#315887, bsc#1082632).\n - vmbus: unregister device_obj->channels_kset (fate#315887, bsc#1082632).\n - vmxnet3: prevent building with 64K pages (bnc#1012382).\n - vmxnet3: repair memory leak (bnc#1012382).\n - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382).\n - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend\n (bnc#1012382).\n - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382).\n - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382).\n - vxlan: consolidate csum flag handling (bsc#1042286).\n - vxlan: consolidate output route calculation (bsc#1042286).\n - vxlan: consolidate vxlan_xmit_skb and vxlan6_xmit_skb (bsc#1042286).\n - vxlan: do not allow overwrite of config src addr (bsc#1042286).\n - watchdog: imx2_wdt: restore previous timeout after suspend+resume\n (bnc#1012382).\n - wireless: cw1200: use __maybe_unused to hide pm functions_ (bnc#1012382).\n - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq\n (bnc#1012382).\n - writeback: fix memory leak in wb_queue_work() (bnc#1012382).\n - X.509: fix buffer overflow detection in sprint_oid() (bsc#1075078).\n - X.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382).\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86: add MULTIUSER dependency for KVM (bnc#1012382).\n - x86/alternatives: Add missing '\\n' at end of ALTERNATIVE inline asm\n 
(bnc#1012382).\n - x86/alternatives: Fix optimize_nops() checking (bnc#1012382).\n - x86/apic/vector: Fix off by one in error path (bnc#1012382).\n - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels\n (bnc#1012382).\n - x86/asm: Fix inline asm call constraints for GCC 4.4 (bnc#1012382).\n - x86/boot: Avoid warning for zero-filling .bss (bnc#1012382).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86: bpf_jit: small optimization in emit_bpf_tail_call() (bnc#1012382).\n - x86/bugs: Drop one "mitigation" from dmesg (bnc#1012382).\n - x86/build: Silence the build with "make -s" (bnc#1012382).\n - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1012382).\n - x86/cpu: Change type of x86_cache_size variable to unsigned int\n (bnc#1012382).\n - x86/cpu: Factor out application of forced CPU caps (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).\n - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).\n - x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025).\n - x86/cpu: Rename "WESTMERE2" family to "NEHALEM_G" (bsc#985025).\n - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382).\n - x86/Documentation: Add PTI description (bnc#1012382).\n - x86/efi: Build our own page table structures (fate#320512).\n - x86/efi: Hoist page table switching code into efi_call_virt()\n (fate#320512).\n - x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0\n (bsc#1077560).\n - x86/entry/64: Use a per-CPU trampoline stack for IDT entries\n (bsc#1077560).\n - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()\n (bnc#1012382).\n - x86: fix build warnign with 32-bit PAE (bnc#1012382).\n - x86/fpu/math-emu: Fix possible uninitialized variable use (bnc#1012382).\n - x86/hpet: 
Prevent might sleep splat on resume (bnc#1012382).\n - x86/hyperv: Implement hv_get_tsc_page() (fate#315887, bsc#1082632).\n - x86/hyper-v: include hyperv/ only when CONFIG_HYPERV is set\n (fate#315887, bsc#1082632).\n - x86/hyper-v: Introduce fast hypercall implementation (fate#315887,\n bsc#1082632).\n - x86/hyper-v: Make hv_do_hypercall() inline (fate#315887, bsc#1082632).\n - x86/hyperv: Move TSC reading method to asm/mshyperv.h (fate#315887,\n bsc#1082632).\n - x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER\n (bnc#1012382).\n - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382).\n - x86/kasan: Write protect kasan zero shadow (bnc#1012382).\n - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when\n running nested (bsc#1081431).\n - x86/mce: Pin the timer when modifying (bsc#1080851,1076282).\n - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix\n preemptibility bug (bnc#1012382).\n - x86/microcode/AMD: Do not load when running on a hypervisor\n (bnc#1012382).\n - x86/microcode/AMD: Do not load when running on a hypervisor (bsc#1081436\n bsc#1081437).\n - x86/microcode: Do the family check first (bnc#1012382).\n - x86/microcode: Do the family check first (bsc#1081436 bsc#1081437).\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bnc#1012382).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n (bnc#1012382).\n - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382).\n - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier\n (git-fixes).\n - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382).\n - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bnc#1012382).\n - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers\n (fate#320588).\n - x86/mm/pkeys: Fix fill_sig_info_pkey (fate#321300).\n - x86/nospec: Fix header guards names (bnc#1012382).\n - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() 
(bnc#1012382).\n - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bnc#1012382).\n - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382).\n - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG (bnc#1012382).\n - x86/platform/olpc: Fix resume handler build warning (bnc#1012382).\n - x86/pti: Document fix wrong index (bnc#1012382).\n - x86/pti/efi: broken conversion from efi to kernel page table\n (bnc#1012382).\n - x86/pti: Make unpoison of pgd for trusted boot work for real\n (bnc#1012382).\n - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).\n - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y (bnc#1012382).\n - x86/retpoline: Avoid retpolines for built-in __init functions\n (bnc#1012382).\n - x86/retpoline/hyperv: Convert assembler indirect jumps (fate#315887,\n bsc#1082632).\n - x86/retpoline: Remove the esp/rsp thunk (bnc#1012382).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382).\n - x86/spectre: Check CONFIG_RETPOLINE in command line parser (bnc#1012382).\n - x86/spectre: Fix an error message (git-fixes).\n - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"\n (bnc#1012382).\n - x86/spectre: Remove the out-of-tree RSB stuffing\n - x86/spectre: Simplify spectre_v2 command line parsing (bnc#1012382).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL\n (bnc#1012382).\n - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382).\n - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()\n (bnc#1012382).\n - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend (bnc#1065600).\n - xen: Fix trampoline stack loading issue on XEN PV.\n - xen/gntdev: Fix off-by-one error when unmapping with holes 
(bnc#1012382).\n - xen/gntdev: Fix partial gntdev_mmap() cleanup (bnc#1012382).\n - xen-netfront: avoid crashing on resume after a failure in\n talk_to_netback() (bnc#1012382).\n - xen-netfront: enable device after manual module load (bnc#1012382).\n - xen-netfront: Improve error handling during initialization (bnc#1012382).\n - xen-netfront: remove warning when unloading module (bnc#1012382).\n - xen: XEN_ACPI_PROCESSOR is Dom0-only (bnc#1012382).\n - xfrm: check id proto in validate_tmpl() (bnc#1012382).\n - xfrm: Copy policy family in clone_policy (bnc#1012382).\n - xfrm: Fix stack-out-of-bounds read on socket policy lookup (bnc#1012382).\n - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies\n (bnc#1012382).\n - xfrm_user: propagate sec ctx allocation errors (bsc#1042286).\n - xfs: add configurable error support to metadata buffers (bsc#1068569).\n - xfs: add configuration handlers for specific errors (bsc#1068569).\n - xfs: add configuration of error failure speed (bsc#1068569).\n - xfs: add "fail at unmount" error handling configuration (bsc#1068569).\n - xfs: Add infrastructure needed for error propagation during buffer IO\n failure (bsc#1068569).\n - xfs: address kabi for xfs buffer retry infrastructure (kabi).\n - xfs: configurable error behavior via sysfs (bsc#1068569).\n - xfs: do not chain ioends during writepage submission (bsc#1077285\n bsc#1043441).\n - xfs: factor mapping out of xfs_do_writepage (bsc#1077285 bsc#1043441).\n - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real\n (bnc#1012382).\n - xfs: fix log block underflow during recovery cycle verification\n (bnc#1012382).\n - xfs: fix up inode32/64 (re)mount handling (bsc#1069160).\n - xfs: introduce metadata IO error class (bsc#1068569).\n - xfs: introduce table-based init for error behaviors (bsc#1068569).\n - xfs: Introduce writeback context for writepages (bsc#1077285\n bsc#1043441).\n - xfs: ioends require logically contiguous file offsets 
(bsc#1077285\n bsc#1043441).\n - xfs: Properly retry failed inode items in case of error during buffer\n writeback (bsc#1068569).\n - xfs: quota: check result of register_shrinker() (bnc#1012382).\n - xfs: quota: fix missed destroy of qi_tree_lock (bnc#1012382).\n - xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787).\n - xfs: remove nonblocking mode from xfs_vm_writepage (bsc#1077285\n bsc#1043441).\n - xfs: remove xfs_cancel_ioend (bsc#1077285 bsc#1043441).\n - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569).\n - xfs: stop searching for free slots in an inode chunk when there are none\n (bsc#1072739).\n - xfs: toggle readonly state around xfs_log_mount_finish (bsc#1073401).\n - xfs: ubsan fixes (bnc#1012382).\n - xfs: validate sb_logsunit is a multiple of the fs blocksize\n (bsc#1077513).\n - xfs: write unmount record for ro mounts (bsc#1073401).\n - xfs: xfs_cluster_write is redundant (bsc#1077285 bsc#1043441).\n - xhci: Do not add a virt_dev to the devs array before it's fully\n allocated (bnc#1012382).\n - xhci: Fix ring leak in failure path of xhci_alloc_virt_device()\n (bnc#1012382).\n - xhci: plat: Register shutdown for xhci_plat (bnc#1012382).\n - xtensa: fix futex_atomic_cmpxchg_inatomic (bnc#1012382).\n - zram: fix operator precedence to get offset (bsc#1082979).\n - zram: set physical queue limits to avoid array out of bounds accesses\n (bnc#1012382).\n\n", "modified": "2018-04-19T15:07:54", "published": "2018-04-19T15:07:54", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html", "id": "SUSE-SU-2018:0986-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-28T22:45:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15299", "CVE-2017-16913", "CVE-2018-7566", "CVE-2018-5333", "CVE-2018-1066", "CVE-2017-16912", "CVE-2017-18204", "CVE-2018-6927", 
"CVE-2017-13166", "CVE-2016-7915", "CVE-2017-18208", "CVE-2017-16911", "CVE-2018-5332", "CVE-2018-1068", "CVE-2017-16644", "CVE-2017-18017", "CVE-2017-12190", "CVE-2017-16914", "CVE-2017-18221"], "description": "The SUSE Linux Enterprise 12 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall\n interface for bridging. This allowed a privileged user to arbitrarily\n write to a limited range of kernel memory (bnc#1085107).\n - CVE-2017-18221: The __munlock_pagevec function allowed local users to\n cause a denial of service (NR_MLOCK accounting corruption) via crafted\n use of mlockall and munlockall system calls (bnc#1084323).\n - CVE-2018-1066: Prevent NULL pointer dereference in\n fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker\n controlling a CIFS server to kernel panic a client that has this server\n mounted, because an empty TargetInfo field in an NTLMSSP setup\n negotiation response was mishandled during session recovery\n (bnc#1083640).\n - CVE-2017-13166: Prevent elevation of privilege vulnerability in the\n kernel v4l2 video driver (bnc#1072865).\n - CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose\n kernel memory addresses. 
Successful exploitation required that a USB\n device was attached over IP (bnc#1078674).\n - CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key\n that already exists but is uninstantiated, which allowed local users to\n cause a denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via a crafted system call\n (bnc#1063416).\n - CVE-2017-18208: The madvise_willneed function in the kernel allowed local users\n to cause a denial of service (infinite loop) by triggering use of\n MADVISE_WILLNEED for a DAX mapping (bnc#1083494).\n - CVE-2018-7566: The ALSA sequencer core initializes the event pool on\n demand by invoking snd_seq_pool_init() when the first write happens and\n the pool is empty. A user could have reset the pool size manually via\n ioctl concurrently, which may have led to UAF or out-of-bound access\n (bsc#1083483).\n - CVE-2017-18204: The ocfs2_setattr function allowed local users to cause\n a denial of service (deadlock) via DIO requests (bnc#1083244).\n - CVE-2017-16644: The hdpvr_probe function allowed local users to cause a\n denial of service (improper error handling and system crash) or possibly\n have unspecified other impact via a crafted USB device (bnc#1067118).\n - CVE-2018-6927: The futex_requeue function allowed attackers to cause a\n denial\n of service (integer overflow) or possibly have unspecified other impact\n by triggering a negative wake or requeue value (bnc#1080757).\n - CVE-2017-16914: The "stub_send_ret_submit()" function allowed attackers\n to cause a denial of service (NULL pointer dereference) via a specially\n crafted USB over IP packet (bnc#1078669).\n - CVE-2016-7915: The hid_input_field function allowed physically proximate\n attackers to obtain sensitive information from kernel memory or cause a\n denial\n of service (out-of-bounds read) by connecting a device (bnc#1010470).\n - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions did\n unbalanced 
refcounting when a SCSI I/O vector had small consecutive\n buffers belonging to the same page. The bio_add_pc_page function merged\n them into one, but the page reference was never dropped. This caused a\n memory leak and possible system lockup (exploitable against the host OS\n by a guest OS user, if a SCSI disk is passed through to a virtual\n machine) due to an out-of-memory condition (bnc#1062568).\n - CVE-2017-16912: The "get_pipe()" function allowed attackers to cause a\n denial\n of service (out-of-bounds read) via a specially crafted USB over IP\n packet (bnc#1078673).\n - CVE-2017-16913: The "stub_recv_cmd_submit()" function when handling\n CMD_SUBMIT packets allowed attackers to cause a denial of service\n (arbitrary memory allocation) via a specially crafted USB over IP packet\n (bnc#1078672).\n - CVE-2018-5332: The rds_message_alloc_sgs() function did not validate a\n value that is used during DMA page allocation, leading to a heap-based\n out-of-bounds write (related to the rds_rdma_extra_size function in\n net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: The rds_cmsg_atomic function in net/rds/rdma.c mishandled\n cases where page pinning fails or an invalid address is supplied,\n leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n - CVE-2017-18017: The tcpmss_mangle_packet function allowed remote\n attackers to cause a denial of service (use-after-free and memory\n corruption) or possibly have unspecified other impact by leveraging the\n presence of xt_TCPMSS in an iptables action (bnc#1074488).\n\n The following non-security bugs were fixed:\n\n - Fix build on arm64 by defining empty gmb() (bnc#1068032).\n - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).\n - KEYS: fix writing past end of user-supplied buffer in keyring_read()\n (bsc#1066001).\n - KEYS: return full count in keyring_read() if buffer is too small\n (bsc#1066001).\n - include/stddef.h: Move offsetofend() from vfio.h to a generic kernel\n 
header (bsc#1077560).\n - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).\n - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).\n - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).\n - x86/kaiser: use trampoline stack for kernel entry (bsc#1077560)\n - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).\n - livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c. Shadow\n variables support (bsc#1082299).\n - livepatch: introduce shadow variable API. Shadow variables support\n (bsc#1082299)\n - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: do not copy back the result for certain\n errors (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type\n (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).\n - media: v4l2-compat-ioctl32.c: move 'helper' functions to\n __get/put_v4l2_format32 (bnc#1012382).\n - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).\n - media: v4l2-ioctl.c: do not copy back the result for -ENOTTY\n (bnc#1012382).\n - netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets\n (bsc#1085107).\n - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).\n - packet: only call dev_add_pack() on freshly allocated fanout instances\n - pipe: cap initial pipe capacity according to pipe-max-size limit\n (bsc#1045330).\n - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279).\n\n", "edition": 1, "modified": "2018-03-28T21:07:35", "published": "2018-03-28T21:07:35", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html", "id": "SUSE-SU-2018:0834-1", "title": "Security update 
for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2020-12-24T10:40:51", "bulletinFamily": "software", "cvelist": ["CVE-2017-1000251", "CVE-2017-13715", "CVE-2017-18017", "CVE-2018-1000028", "CVE-2018-10938", "CVE-2018-14641", "CVE-2018-5390", "CVE-2018-5391", "CVE-2018-5703"], "description": "### SUMMARY\n\nSymantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker, with access to the management interface, can obtain unauthorized read/write access to local files, cause denial of service, and possibly execute arbitrary code. \n \n\n### AFFECTED PRODUCTS\n\nAdvanced Secure Gateway (ASG) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5390 | 6.6 | Upgrade to later release with fixes. \n6.7 | Upgrade to 6.7.4.8. \n7.1 | Upgrade to later release with fixes. \n7.2 | Not vulnerable, fixed \n \n \n\nContent Analysis (CA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5391 | 1.3, 2.1, 2.2 | Upgrade to later version with fixes. \n2.3, 2.4, 3.0 | Not available at this time \n3.1 | Not vulnerable, fixed in 3.1.0.0. \n \n \n\nDirector \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2017-18017, CVE-2018-5390, \nCVE-2018-5391 | 6.1 | Upgrade to a version of MC with the fixes. \n \n \n\nMalware Analysis (MA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5390, CVE-2018-5391 | 4.2 | Upgrade to a version of Content Analysis with fixes. \n \n \n\nMail Threat Defense (MTD) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5391 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\nManagement Center (MC) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5391 | 2.0 - 2.3 | Upgrade to later release with fixes. 
\n2.4 | Not available at this time \n3.0 and later | Not vulnerable, fixed in 3.0.1.1 \n \n \n\n**PacketShaper (PS) S-Series** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5390, CVE-2018-5391 | 11.6, 11.9, 11.10 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes. \n \n \n\n**PolicyCenter (PC) S-Series** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5390, CVE-2018-5391 | 1.1 | A fix will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n \n \n\nProxySG \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5390 | 6.5, 6.6 | Upgrade to later release with fixes. \n6.7 | Upgrade to 6.7.4.8. \n7.1 | Upgrade to later release with fixes. \n7.2 | Not vulnerable, fixed in 7.2.0.1. \n \n \n\nReporter \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5391 | 9.5 | Not vulnerable \n10.1, 10.2, 10.3, 10.4 | Upgrade to later release with fixes. \n10.5 | Not vulnerable, fixed in 10.5.1.1. \n \n \n\nSecurity Analytics \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5390, CVE-2018-5391 | 7.2 | Not available at this time \n8.0, 7.3 | Upgrade to later release with fixes. \n8.1 | Not vulnerable, fixed in 8.1.1. \n \n \n\nSSL Visibility (SSLV) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5390 | 3.10 | Not available at this time \n3.11 | Upgrade to later release with fixes. \n3.12 | Not available at this time \n4.2, 4.3, 4.4 | Not vulnerable \n4.5 | Not available at this time \n5.0 | Not available at this time \nCVE-2018-5391 | 3.10 | Not available at this time \n3.11 | Upgrade to later release with fixes. \n3.12 | Not available at this time \n4.2, 4.3 | Upgrade to later release with fixes. 
\n4.4, 4.5, 5.0 | Not available at this time \n \n \n\nX-Series XOS \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5390, CVE-2018-5391 | 10.0, 11.0 | A fix will not be provided. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nThe following products are not vulnerable: \n**AuthConnector \nBCAAA \nCacheFlow \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server** \n**General Auth Connector Login Application \nHSM Agent for the Luna SP \nIntelligenceCenter \nIntelligenceCenter Data Collector** \n**PacketShaper** \n**PolicyCenter** \n**ProxyAV** \n**ProxyAV ConLog and ConLogXP** \n**Unified Agent \nWeb Isolation \nWSS Mobile Agent \n \n**\n\n### ISSUES \n\nCVE-2017-13715 \n--- \n**Severity / CVSSv3** | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n**References** | SecurityFocus: [BID 100517](<https://www.securityfocus.com/bid/100517>) / NVD: [CVE-2017-13715](<https://nvd.nist.gov/vuln/detail/CVE-2017-13715>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in internal state initialization allows a remote attacker to send a crafted MPLS packet and cause denial of service through a system crash, or possibly execute arbitrary code. \n \n \n\nCVE-2017-1000251 \n--- \n**Severity / CVSSv3** | High / 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n**References** | SecurityFocus: [BID 100809](<https://www.securityfocus.com/bid/100809>) / NVD: [CVE-2017-1000251](<https://nvd.nist.gov/vuln/detail/CVE-2017-1000251>) \n**Impact** | Code execution \n**Description** | A flaw in L2CAP configuration responses in the native Bluetooth stack allows a remote attacker to send crafted responses and execute arbitrary code. 
\n \n \n\nCVE-2017-18017 \n--- \n**Severity / CVSSv3** | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n**References** | SecurityFocus: [BID 102367](<https://www.securityfocus.com/bid/102367>) / [NVD: CVE-2017-18017](<https://nvd.nist.gov/vuln/detail/CVE-2017-18017>) \n**Impact** | Denial of service \n**Description** | A flaw in TCPMSS firewall target processing allows a remote attacker to send crafted packets and cause denial of service or unspecified other impact. \n \n \n\nCVE-2018-5390 (SegmentSmack) \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 104976](<https://nvd.nist.gov/vuln/detail/CVE-2018-5390>) / NVD: [CVE-2018-5390](<https://nvd.nist.gov/vuln/detail/CVE-2018-5390>) \n**Impact** | Denial of service \n**Description** | A flaw in TCP fragment reassembly allows a remote attacker to send crafted TCP fragments and cause denial of service through CPU exhaustion. \n \n \n\nCVE-2018-5391 (FragmentSmack) \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 105108](<https://www.securityfocus.com/bid/105108>) / NVD: [CVE-2018-5391](<https://nvd.nist.gov/vuln/detail/CVE-2018-5391>) \n**Impact** | Denial of service \n**Description** | A flaw in IP fragment reassembly allows a remote attacker to send crafted IP fragments and cause denial of service. \n \n \n\nCVE-2018-5703 \n--- \n**Severity / CVSSv3** | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n**References** | NVD: [CVE-2018-5703](<https://nvd.nist.gov/vuln/detail/CVE-2018-5703>) \n**Impact** | Denial of service \n**Description** | A flaw in the TLS implementation allows a remote attacker to send crafted packets and cause a system crash, resulting in denial of service. 
\n \n \n\nCVE-2018-1000028 \n--- \n**Severity / CVSSv3** | High / 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n**References** | NVD: [CVE-2018-1000028](<https://nvd.nist.gov/vuln/detail/CVE-2018-1000028>) \n**Impact** | Security control bypass \n**Description** | A flaw in NFS access control allows a remote attacker to get unauthorized read/write access to local files. \n \n \n\nCVE-2018-10938 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 105154](<https://www.securityfocus.com/bid/105154>) / NVD: [CVE-2018-10938](<https://nvd.nist.gov/vuln/detail/CVE-2018-10938>) \n**Impact** | Denial of service \n**Description** | A flaw in packet handling allows a remote attacker to send crafted packets and cause denial of service through an infinite loop. \n \n \n\nCVE-2018-14641 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | NVD: [CVE-2018-14641](<https://nvd.nist.gov/vuln/detail/CVE-2018-14641>) \n**Impact** | Denial of service \n**Description** | A flaw in IP fragment reassembly allows a remote attacker to send crafted IP fragments and cause denial of service. \n \n \n\n### REVISION\n\n2020-11-30 MC 3.0 is not vulnerable because a fix is available in 3.0.1.1. \n2020-11-19 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-12 Content Analysis 3.1 is not vulnerable because a fix is available in 3.1.0.0. \n2020-08-19 A fix for MC 2.3 will not be provided. 
Please upgrade to a later version with the vulnerability fixes. \n2020-04-30 A fix will not be provided for ProxySG 6.5. Please upgrade to a later version with the vulnerability fixes. \n2020-04-08 Content Analysis 3.0 is vulnerable to CVE-2018-5391. Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1. Security Analytics 8.1 is not vulnerable because a fix is available in 8.1.1. Fixes will not be provided for Management Center 2.2 and Reporter 10.3. Please upgrade to later versions with the vulnerability fixes. \n2020-04-04 A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n2020-01-28 A fix will not be provided for ASG 7.1 and ProxySG 7.1. Please upgrade to a later version with the vulnerability fix. ASG and ProxySG 7.2 are not vulnerable because fixes are available in 7.2.0.1 EA. \n2020-01-19 A fix will not be provided for Malware Analysis. Please upgrade to a version of Content Analysis with the vulnerability fixes. PacketShaper and ProxyAV are not vulnerable. \n2019-10-02 Web Isolation is not vulnerable. \n2019-09-05 A fix for MC 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-30 Reporter 10.4 is vulnerable to CVE-2018-5390 and CVE-2018-5391. \n2019-08-19 CA, MTD, MC, Reporter 10.x, and SSLV 4.2-4.4 are not vulnerable to CVE-2018-5390. SSLV 3.12 and 4.5 are vulnerable to CVE-2018-5390 and CVE-2018-5391. CA 2.4 is vulnerable to CVE-2018-5391. \n2019-08-13 MC 2.2 and MC 2.3 are vulnerable to CVE-2018-5390 and CVE-2018-5391. A fix for MC 2.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. 
\n2019-08-07 A fix for ASG 6.6 and ProxySG 6.6 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-06 A fix for Reporter 10.1 and 10.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-08-06 A fix for SSLV 4.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-07-25 It was previously reported that a fix for CVE-2018-5390 in ASG 6.7 is available in 6.7.4.141 EA. Further investigation has shown that ASG 6.7.4.141 EA is still vulnerable. A fix for CVE-2018-5390 in ASG 6.7 and ProxySG 6.7 is available in 6.7.4.8. ASG and ProxySG are not vulnerable to CVE-2018-5391. \n2019-02-04 A fix for CA 1.3 and CA 2.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-18 SSLV 5.0 is vulnerable to CVE-2018-5390 and CVE-2018-5391. A fix for SSLV 3.11 and 4.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2019-01-14 Reporter 10.3 is vulnerable to CVE-2018-5390 and CVE-2018-5391. \n2019-01-13 SSLV 3.x and 4.x are vulnerable to CVE-2018-5390 and CVE-2018-5391. A fix is not available at this time. \n2019-01-11 A fix for CA 2.1 will not be provided. Please upgrade to a later version with the vulnerability fixes. 
\n2018-11-28 initial public release\n", "modified": "2020-12-21T21:38:51", "published": "2018-11-28T08:01:01", "id": "SMNTC-1467", "href": "", "type": "symantec", "title": "Linux Kernel Aug 2017 - Sep 2018 Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-17450", "CVE-2017-16525", "CVE-2017-14489", "CVE-2017-15274", "CVE-2018-5333", "CVE-2017-7889", "CVE-2017-0861", "CVE-2018-5344", "CVE-2017-15115", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-12192", "CVE-2017-1000407", "CVE-2017-15102", "CVE-2017-14156", "CVE-2017-5669", "CVE-2017-12153", "CVE-2017-15868", "CVE-2017-7542", "CVE-2017-18017", "CVE-2017-12190", "CVE-2017-0750", "CVE-2017-17806"], "description": "USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nIt was discovered that an out-of-bounds write vulnerability existed in the \nFlash-Friendly File System (f2fs) in the Linux kernel. An attacker could \nconstruct a malicious file system that, when mounted, could cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-0750)\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. 
\n(CVE-2017-1000407)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). (CVE-2017-12153)\n\nVitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel \ndid not properly track reference counts when merging buffers. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2017-12190)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly restrict key reads on negatively instantiated keys. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14051)\n\nOtto Ebeling discovered that the memory manager in the Linux kernel did not \nproperly check the effective UID in some situations. A local attacker could \nuse this to expose sensitive information. (CVE-2017-14140)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nJames Patrick-Evans discovered a race condition in the LEGO USB Infrared \nTower driver in the Linux kernel. A physically proximate attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. 
(CVE-2017-15102)\n\nChunYu Wang discovered that a use-after-free vulnerability existed in the \nSCTP protocol implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15115)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly handle NULL payloads with non-zero length values. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-15274)\n\nIt was discovered that the Bluetooth Network Encapsulation Protocol (BNEP) \nimplementation in the Linux kernel did not validate the type of socket \npassed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN \nprivilege could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15868)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the USB \nserial console driver in the Linux kernel. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-16525)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the systemwide OS fingerprint list. \n(CVE-2017-17450)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nDenys Fedoryshchenko discovered a use-after-free vulnerability in the \nnetfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-18017)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. 
A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nIt was discovered that an integer overflow vulnerability existed in the \nIPv6 implementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (infinite loop). (CVE-2017-7542)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nMohamed Ghannam discovered a use-after-free vulnerability in the DCCP \nprotocol implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-8824)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. 
(CVE-2018-5344)", "edition": 6, "modified": "2018-02-23T00:00:00", "published": "2018-02-23T00:00:00", "id": "USN-3583-2", "href": "https://ubuntu.com/security/notices/USN-3583-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-5754", "CVE-2017-17450", "CVE-2017-16525", "CVE-2017-14489", "CVE-2017-15274", "CVE-2018-5333", "CVE-2017-7889", "CVE-2017-0861", "CVE-2018-5344", "CVE-2017-15115", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-12192", "CVE-2017-1000407", "CVE-2017-15102", "CVE-2017-14156", "CVE-2017-5669", "CVE-2017-12153", "CVE-2017-15868", "CVE-2017-7542", "CVE-2017-18017", "CVE-2017-12190", "CVE-2017-0750", "CVE-2017-17806"], "description": "It was discovered that an out-of-bounds write vulnerability existed in the \nFlash-Friendly File System (f2fs) in the Linux kernel. An attacker could \nconstruct a malicious file system that, when mounted, could cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-0750)\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). 
(CVE-2017-12153)\n\nVitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel \ndid not properly track reference counts when merging buffers. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2017-12190)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly restrict key reads on negatively instantiated keys. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14051)\n\nOtto Ebeling discovered that the memory manager in the Linux kernel did not \nproperly check the effective UID in some situations. A local attacker could \nuse this to expose sensitive information. (CVE-2017-14140)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nJames Patrick-Evans discovered a race condition in the LEGO USB Infrared \nTower driver in the Linux kernel. A physically proximate attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15102)\n\nChunYu Wang discovered that a use-after-free vulnerability existed in the \nSCTP protocol implementation in the Linux kernel. 
A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15115)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly handle NULL payloads with non-zero length values. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-15274)\n\nIt was discovered that the Bluetooth Network Encapsulation Protocol (BNEP) \nimplementation in the Linux kernel did not validate the type of socket \npassed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN \nprivilege could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15868)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the USB \nserial console driver in the Linux kernel. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-16525)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the system-wide OS fingerprint list. \n(CVE-2017-17450)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nDenys Fedoryshchenko discovered a use-after-free vulnerability in the \nnetfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-18017)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. 
(CVE-2017-5669)\n\nIt was discovered that an integer overflow vulnerability existed in the \nIPv6 implementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (infinite loop). (CVE-2017-7542)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nMohamed Ghannam discovered a use-after-free vulnerability in the DCCP \nprotocol implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-8824)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)\n\nUSN-3524-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 \narchitecture in Ubuntu 14.04 LTS. This update provides the \ncorresponding mitigations for the ppc64el architecture. Original \nadvisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nside-channel attacks. This flaw is known as Meltdown. A local attacker could \nuse this to expose sensitive information, including kernel memory. 
\n(CVE-2017-5754)", "edition": 5, "modified": "2018-02-23T00:00:00", "published": "2018-02-23T00:00:00", "id": "USN-3583-1", "href": "https://ubuntu.com/security/notices/USN-3583-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:32", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2018-5803", "CVE-2018-1092", "CVE-2017-16914"], "description": "Package : linux\nVersion : 3.2.101-1\nCVE ID : CVE-2017-0861 CVE-2017-5715 CVE-2017-13166 CVE-2017-16526\n CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914\n CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2018-1068\n CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750\n CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566\n CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781\n CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199\nDebian Bug : 887106\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. 
We believe this was not possible in practice.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the "retpoline" compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel\n (amd64 flavour) a local user with access to a suitable video\n device can exploit this to overwrite kernel memory, leading to\n privilege escalation.\n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities.\n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. 
A remote user able to connect to\n the USB/IP server could use this for denial of service.\n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service.\n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel (amd64 flavour), a local user with the CAP_NET_ADMIN\n capability could use this to overwrite kernel memory, possibly\n leading to privilege escalation.\n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. 
A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n\nCVE-2018-7566\n\n \u8303\u9f99\u98de (Fan LongFei) reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem's mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. 
A local user on a system with SAS devices\n could use this to cause a denial of service.\n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver's mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. 
Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\nAdditionally, some mitigations for CVE-2017-5753 are included in this\nrelease:\n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function.\n\n More use sites will be added over time.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.101-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.101. 
It also fixes a regression in the\nprocfs hidepid option in the previous version (Debian bug #887106).\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 3, "modified": "2018-05-02T20:58:55", "published": "2018-05-02T20:58:55", "id": "DEBIAN:DLA-1369-1:33F82", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201805/msg00000.html", "title": "[SECURITY] [DLA 1369-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:02:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2018-1066", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2017-18232", "CVE-2017-18241", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2017-13220", "CVE-2018-5803", "CVE-2018-1092", "CVE-2015-9016", "CVE-2017-16914"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n CVE-2017-18203 
CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\n\n Ming Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null_blk, or virtio_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the "retpoline" compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the 
speculation-safe\n array_index_nospec() function.\n\n More use sites will be added over time.\n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation.\n\nCVE-2017-13220\n\n Al Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check.\n A local user could use this to cause a denial of service.\n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities.\n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service.\n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. 
A remote user able to\n connect to the USB/IP server could use this for denial of service.\n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n\nCVE-2017-18232\n\n Jason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service.\n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the "noflush_merge" mount option is used.\n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service.\n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service.\n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. 
Debian disables unprivileged user\n namespaces by default.\n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. 
A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem's mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver's mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. 
Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 18, "modified": "2018-05-01T17:12:29", "published": "2018-05-01T17:12:29", "id": "DEBIAN:DSA-4187-1:481CA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00115.html", "title": "[SECURITY] [DSA 4187-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}