File _patchinfo of Package patchinfo.7243
<patchinfo incident="7243"> <issue id="1012382" tracker="bnc">Continuous stable update tracker for 4.4</issue> <issue id="1031717" tracker="bnc">Missing SLE12-SP2 fixes</issue> <issue id="1046610" tracker="bnc">L3: frequent misfunction of virtual NICs on XEN domUs</issue> <issue id="1057734" tracker="bnc">System Hangs need to read kdump</issue> <issue id="1070536" tracker="bnc">Load average 500+ issued by kworker after server backup with VSS (on Hyper-V)</issue> <issue id="1075428" tracker="bnc">Applying all sle12 updates till date,seems to disturb existing network configuration causing machine to be isolated from net</issue> <issue id="1076847" tracker="bnc">SLES12 SP3 - s390/cpuinfo: show facilities as reported by stfle</issue> <issue id="1077560" tracker="bnc">kaiser patches in 3.0, 3.12, 4.4 map kernel stack</issue> <issue id="1082153" tracker="bnc">Division-by-zero kernel bug testing swap agent</issue> <issue id="1082299" tracker="bnc">Backport of shadow variables</issue> <issue id="1083125" tracker="bnc">KGraft: small race in reversion code</issue> <issue id="1083745" tracker="bnc">git-fixes: backport 72639e6df412 fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate()</issue> <issue id="1083836" tracker="bnc">Combination of 4.4.116+ kernel with older KMP makes user-space crashing</issue> <issue id="1084353" tracker="bnc">VUL-0: CVE-2018-7740: kernel: The resv_map_release function allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls</issue> <issue id="1084610" tracker="bnc">SLES 12 SP3 - VNICs failing during first migration (LPM)</issue> <issue id="1084721" tracker="bnc">L3: probably corrupt btrfs results in VM not starting</issue> <issue id="1084829" tracker="bnc">VUL-1: CVE-2018-8043: kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service</issue> <issue id="1085042" tracker="bnc">L3: XEN VM block device hang SLES-12 SP2</issue> <issue id="1085185" tracker="bnc">Partner-L3: [HPE Bug] Please back port: watchdog: hpwdt: Remove legacy NMI sourcing.</issue> <issue id="1085224" tracker="bnc">SLES12 SP3:ZZ:VNIC - HTX misc (POWER9/P9)</issue> <issue id="1085402" tracker="bnc">md-cluster: the check in raid1_write_request is wrong</issue> <issue id="1085404" tracker="bnc">SLES 12 SP3 - Virtual FC errors at vios and disk errors at clients (POWER9)</issue> <issue id="1086162" tracker="bnc">VUL-1: CVE-2018-8822: kernel-source: Memory corruption in ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c</issue> <issue id="1086194" tracker="bnc">kernel BUG soft lockup - CPU# stuck for xxs! [PoolThread:254797]</issue> <issue id="1087088" tracker="bnc">VUL-0: EMBARGOED: CVE-2018-8897: POP SS</issue> <issue id="1087260" tracker="bnc">kernel-default-base-3.0.101-108.35.1 breaks certain 32bit binaries running on 64bit SLES11</issue> <issue id="1087845" tracker="bnc">SKL processor be add in blacklist of microcode broken in SLE12SP3 MU kernel branch</issue> <issue id="1088242" tracker="bnc">SLES12 SP3 maintweb [4.4.103-6.33-default] [POWER9/P9 LPAR ]: kdump fails with Oops when SMT is set to 2 or off and dump is triggered from HMC.</issue> <issue id="1088600" tracker="bnc">SLES12SP3: With BondingInterface, Network going down while VIOS is rebooted (ibmvnic/failover)</issue> <issue id="1088684" tracker="bnc">memory corruption under exotic circumstances with ch920 USB LAN devices</issue> <issue id="1089198" tracker="bnc">SLES12 SP3 KOTD: Failovers, MTU change, changing rx/tx buffers for GlacierPark vnic generates Call traces (ibmvnic/POWER9)</issue> <issue id="1089608" tracker="bnc">VUL-0: CVE-2018-10087: kernel-source: The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13 did not check the pid for INT_MIN</issue> <issue id="1089644" tracker="bnc">SLES12SP3 KOTD: Running HTX on GlacierPark vnic devices causes one of the them to be DEAD (P9/ibmvnic/GlacierPark/ZZ)</issue> <issue id="1089752" tracker="bnc">VUL-0: CVE-2018-10124: kernel-source: The kill_something_info function in kernel/signal.c in the Linux kernel before4.13, when an unspecified architecture and compiler is used, might allow localusers to cause a denial of service via an IN</issue> <issue id="1090643" tracker="bnc">VUL-0: CVE-2018-8781: kernel-source: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space</issue> <issue id="1088241" tracker="bnc">VUL-0: CVE-2017-18257: kernel-source: The __get_data_block function in fs/f2fs/data.c in the Linux kernel before4.11 allows local users to cause a denial of service (integer overflow andloop) via crafted use of the open and fallocate syst</issue> <issue id="2018-8781" tracker="cve" /> <issue id="2018-10124" tracker="cve" /> <issue id="2018-10087" tracker="cve" /> <issue id="2017-18257" tracker="cve" /> <issue id="2018-8822" tracker="cve" /> <issue id="2018-8043" tracker="cve" /> <issue id="2018-7740" tracker="cve" /> <issue id="2018-1087" tracker="cve" /> <issue id="2018-8897" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>tiwai</packager> <reboot_needed/> <description> The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The following non-security bugs were fixed: - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - Partial revert "e1000e: Avoid receiver overrun interrupt bursts" (bsc#1075428). - Revert "e1000e: Separate signaling for link check/link up" (bsc#1075428). - Revert "led: core: Fix brightness setting when setting delay_off=0" (bnc#1012382). - Revert "watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185)." This reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70. - bpf, x64: implement retpoline for tail call (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dm io: fix duplicate bio completion due to missing ref count (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bnc#1012382). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - perf/x86/intel: Add model number for Skylake Server to perf (FATE#321269). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - rpm/config.sh: ensure sorted patches. - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - storvsc: do not schedule work elements during host reset (bsc#1070536, bsc#1057734). - storvsc_drv: use embedded work structure for host rescan (bsc#1070536, bsc#1057734). - storvsc_drv: use separate workqueue for rescan (bsc#1070536, bsc#1057734). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). </description> <summary>Security update for the Linux Kernel</summary> </patchinfo>
