Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for the Linux Kernel

The openSUSE Leap 42.2 kernel was updated to 4.4.56 fix various security issues and bugs.

The following security bugs were fixed:

- CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573).
- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).
- CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).
- CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).
- CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1025235).
- CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).
- CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).
- CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179).
- CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity (bnc#1008842).
- CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulates the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785).

The following non-security bugs were fixed:

- ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).
- ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819).
- ACPI: Remove platform devices from a bus on removal (bsc#1028819).
- add mainline tag to one hyperv patch
- bnx2x: allow adding VLANs while interface is down (bsc#1027273).
- btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).
- btrfs: incremental send, do not delay rename when parent inode is new (bsc#1028325).
- btrfs: incremental send, do not issue invalid rmdir operations (bsc#1028325).
- btrfs: qgroup: Move half of the qgroup accounting time out of commit trans (bsc#1017461).
- btrfs: send, fix failure to rename top level inode due to name collision (bsc#1028325).
- btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844 bsc#1024015)
- crypto: algif_hash - avoid zero-sized array (bnc#1007962).
- cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).
- drivers: hv: vmbus: Prevent sending data on a rescinded channel (fate#320485, bug#1028217).
- drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).
- drm/i915: Listen for PMIC bus access notifications (bsc#1011913).
- drm/mgag200: Added support for the new device G200eH3 (bsc#1007959, fate#322780)
- ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).
- Fix kABI breakage of dccp in 4.4.56 (stable-4.4.56).
- futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).
- futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).
- i2c: designware-baytrail: Acquire P-Unit access on bus acquire (bsc#1011913).
- i2c: designware-baytrail: Call pmic_bus_access_notifier_chain (bsc#1011913).
- i2c: designware-baytrail: Fix race when resetting the semaphore (bsc#1011913).
- i2c: designware-baytrail: Only check iosf_mbi_available() for shared hosts (bsc#1011913).
- i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM method (bsc#1011913).
- i2c-designware: increase timeout (bsc#1011913).
- i2c: designware: Never suspend i2c-busses used for accessing the system PMIC (bsc#1011913).
- i2c: designware: Rename accessor_flags to flags (bsc#1011913).
- kABI: protect struct iscsi_conn (kabi).
- kABI: protect struct se_node_acl (kabi).
- kABI: restore can_rx_register parameters (kabi).
- kgr/module: make a taint flag module-specific (fate#313296).
- kgr: remove all arch-specific kgraft header files (fate#313296).
- l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).
- l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415).
- l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415).
- l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415).
- l2tp: lock socket before checking flags in connect() (bsc#1028415).
- md/raid1: add rcu protection to rdev in fix_read_error (References: bsc#998106,bsc#1020048,bsc#982783).
- md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).
- md/raid1: handle flush request correctly (bsc#998106,bsc#1020048,bsc#982783).
- md/raid1: Refactor raid1_make_request (bsc#998106,bsc#1020048,bsc#982783).
- mm: fix set pageblock migratetype in deferred struct page init (bnc#1027195).
- mm/page_alloc: Remove useless parameter of __free_pages_boot_core (bnc#1027195).
- module: move add_taint_module() to a header file (fate#313296).
- net/ena: change condition for host attribute configuration (bsc#1026509).
- net/ena: change driver's default timeouts (bsc#1026509).
- net: ena: change the return type of ena_set_push_mode() to be void (bsc#1026509).
- net: ena: Fix error return code in ena_device_init() (bsc#1026509).
- net/ena: fix ethtool RSS flow configuration (bsc#1026509).
- net/ena: fix NULL dereference when removing the driver after device reset failed (bsc#1026509).
- net/ena: fix potential access to freed memory during device reset (bsc#1026509).
- net/ena: fix queues number calculation (bsc#1026509).
- net/ena: fix RSS default hash configuration (bsc#1026509).
- net/ena: reduce the severity of ena printouts (bsc#1026509).
- net/ena: refactor ena_get_stats64 to be atomic context safe (bsc#1026509).
- net/ena: remove ntuple filter support from device feature list (bsc#1026509).
- net: ena: remove superfluous check in ena_remove() (bsc#1026509).
- net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).
- net/ena: update driver version to 1.1.2 (bsc#1026509).
- net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).
- net: ena: use setup_timer() and mod_timer() (bsc#1026509).
- net/mlx4_core: Avoid command timeouts during VF driver device shutdown (bsc#1028017).
- net/mlx4_core: Avoid delays during VF driver device shutdown (bsc#1028017).
- net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#1028017).
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#1028017).
- net/mlx4_en: Fix bad WQE issue (bsc#1028017).
- NFS: do not try to cross a mountpount when there isn't one there (bsc#1028041).
- nvme: Do not suspend admin queue that wasn't created (bsc#1026505).
- nvme: Suspend all queues before deletion (bsc#1026505).
- PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal (fate#320485, bug#1028217).
- PCI: hv: Use device serial number as PCI domain (fate#320485, bug#1028217).
- powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).
- RAID1: a new I/O barrier implementation to remove resync window (bsc#998106,bsc#1020048,bsc#982783).
- RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#998106,bsc#1020048,bsc#982783).
- Revert "give up on gcc ilog2() constant optimizations" (kabi).
- Revert "net: introduce device min_header_len" (kabi).
- Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow" (bsc#1028017).
- Revert "nfit, libnvdimm: fix interleave set cookie calculation" (kabi).
- Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi).
- Revert "target: Fix NULL dereference during LUN lookup + active I/O shutdown" (kabi).
- rtlwifi: rtl_usb: Fix missing entry in USB driver's private data (bsc#1026462).
- s390/kmsg: add missing kmsg descriptions (bnc#1025683, LTC#151573).
- s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683, LTC#152318).
- sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting (bsc#1018419).
- scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910).
- scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#1027054).
- softirq: Let ksoftirqd do its job (bsc#1019618).
- supported.conf: Add tcp_westwood as supported module (fate#322432)
- taint/module: Clean up global and module taint flags handling (fate#313296).
- Update mainline reference in patches.drivers/drm-ast-Fix-memleaks-in-error-path-in-ast_fb_create.patch See (bsc#1028158) for the context in which this was discovered upstream.
- x86/apic/uv: Silence a shift wrapping warning (bsc#1023866).
- x86/mce: Do not print MCEs when mcelog is active (bsc#1013994).
- x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405).
- x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405).
- x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913).
- x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier (bsc#1011913).
- x86/platform: Remove warning message for duplicate NMI handlers (bsc#1029220).
- x86/platform/UV: Add basic CPU NMI health check (bsc#1023866).
- x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866).
- x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866).
- x86/platform/UV: Clean up the NMI code to match current coding style (bsc#1023866).
- x86/platform/UV: Clean up the UV APIC code (bsc#1023866).
- x86/platform/UV: Ensure uv_system_init is called when necessary (bsc#1023866).
- x86/platform/UV: Fix 2 socket config problem (bsc#1023866).
- x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866).
- x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source (bsc#1023866).
- x86/platform/UV: Verify NMI action is valid, default is standard (bsc#1023866).
- xen-blkfront: correct maximum segment accounting (bsc#1018263).
- xen-blkfront: do not call talk_to_blkback when already connected to blkback.
- xen/blkfront: Fix crash if backend does not follow the right states.
- xen-blkfront: free resources if xlvbd_alloc_gendisk fails.
- xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163).
- xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163).
- xfs: do not take the IOLOCK exclusive for direct I/O page invalidation (bsc#1015609).

Fixed bugs
bnc#1007959
HPE needs updated mgag200 driver for SLES 12 SP2
bnc#1007962
UBSAN: Undefined behaviour in ../crypto/algif_hash.c:187
bnc#1008842
VUL-1: CVE-2016-9191: kernel: local DoS with cgroup offline code
bnc#1011913
Preload-L3: i2c-designware semaphore timeout error on Cherry Trail devices
bnc#1012910
Partner-L3: [HPS Bug] multipath failover is unreliable
bnc#1013994
cd9c57cad3fe ("x86/MCE: Dump MCE to dmesg if no consumers")
bnc#1015609
Need SLES 12 SP2 PTF kernel based off partner fixes from SLES 11SP3
bnc#1017461
btrfs balance renders system unresponsive and eventually even kills WiFi when quota is enabled
bnc#1017641
Update banners across all languages on SUSE.com - time spent in quarter
bnc#1018263
IO to LUNs hangs when using xen-blkfront on OVM host
bnc#1018419
mysql perl script causes high load average on SLES 12 SP1
bnc#1019163
large number of cpus (host AND guest) setting up too many transmit and receive queues
bnc#1019618
SLE12 SP3 performance backports: irq
bnc#1020048
[SLES12 SP2] "Data miscompare on a read" is observed during the rebuilding of degraded MDRAID VDs
bnc#1022785
VUL-1: CVE-2017-2596: kernel-source: kvm:page reference leakage in handle_vmon
bnc#1023866
Update patches to complete SGI UV4 functionality
bnc#1024015
EBUSY with too many parallel mounts
bnc#1025235
VUL-1: CVE-2017-5986: kernel-source: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()
bnc#1025683
SLES 12 SP2 - IBM LTC System z maintenance kernel patches (#10)
bnc#1026405
VUL-0: kernel-source: permission problem in direct-I/O support for DAX mappings.
bnc#1026462
BUG: unable to handle kernel NULL pointer dereference at 0000000000000 048
bnc#1026505
SLES 12 SP2 - Panic BUG_ON in pci/msi.c when removing NVMe device
bnc#1026509
Update driver for Amazon Elastic Network Adapters (ENA)
bnc#1026692
Chelsio: "hw csum failure" and traces observed in dmesg while running IPv6 traffic
bnc#1026722
VUL-0: CVE-2017-6214: kernel-source: ipv4/tcp: infinite loop in tcp_splice_read()
bnc#1027054
L3: SLES12SP2: tur checker again resulting in reservation conflict messages
bnc#1027066
VUL-0: CVE-2017-6353: kernel-source: sctp: deny peeloff operation on asocs with threads sleeping on it
bnc#1027179
VUL-1: CVE-2017-6347: kernel-source: ip: fix IP_CHECKSUM handling
bnc#1027189
VUL-1: CVE-2017-6346: kernel-source: packet: fix races in fanout_add()
bnc#1027190
VUL-1: CVE-2017-6345: kernel-source: net/llc: avoid BUG_ON() in skb_orphan()
bnc#1027195
backport "mm: fix set pageblock migratetype in deferred struct page init"
bnc#1027273
vlan on bond interface does not start when one enslaved NIC is down
bnc#1027565
VUL-0: CVE-2017-2636: kernel-source: tty: n_hdlc: get rid of racy n_hdlc.tbuf
bnc#1027575
VUL-0: CVE-2017-2636: kernel live patch: tty: n_hdlc: get rid of racy n_hdlc.tbuf
bnc#1028017
[Azure] [Linux SR-IOV] mlx4 bug fixes for Linux guest over Azure Hyper-V
bnc#1028041
Cavium NFS root export error: Stale file handle
bnc#1028158
Update AST graphics driver for SLE12-SP3
bnc#1028217
[Hyper-V] SR-IOV in Azure (rebase to upstream 4.10)
bnc#1028325
Backport a few btrfs send/receives fixes from upstream into SLE12-SP2/SP3
bnc#1028372
VUL-0: CVE-2017-2636: kernel-source: local privilege escalation flaw in n_hdlc
bnc#1028415
VUL-0: CVE-2016-10200: kernel-source: l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
bnc#1028819
KunLun Server Hotplug: BAR allocation failures when a previously unplugged board is added again
bnc#1028895
blacklist tool versions known to build broken kernels
bnc#1029220
Remove warning message for multiple NMI handlers
bnc#1029986
L3: ext4 first meta block group too large
bnc#1030573
VUL-0: CVE-2017-7184: kernel-source: xfrm kernel heap out-of-bounds access
bnc#1030575
VUL-0: CVE-2017-7184: kernel live patch: xfrm kernel heap out-of-bounds access
bnc#951844
[HP HPS Bug] SLES12SP1 RC2 system boots to emergency mode
bnc#968697
VUL-0: CVE-2016-2117: kernel: memory disclosure into ethernet frames due to incorrect driver handling of scatter/gather IO
bnc#969755
SLE12 SP2 performance backports: futex
bnc#982783
SLES 11 SP4 - Severe performance degradation with RAID1 configuration (using NVMe on POWER)
bnc#998106
[Intel SLES 12 SP2 BUG] Patrol read gets stuck for RAID1 array
CVE-2017-7184
CVE-2016-10200
CVE-2017-2636
CVE-2017-6345
CVE-2017-6346
CVE-2017-6353
CVE-2017-6214
CVE-2016-2117
CVE-2017-6347
CVE-2016-9191
CVE-2017-2596
Selected Binaries
openSUSE Build Service is sponsored by
Places