Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2017:2286-1
Rating:	important
References:	bsc#1005778 bsc#1006180 bsc#1011913 bsc#1012829 bsc#1013887 bsc#1015337 bsc#1015342 bsc#1016119 bsc#1019151 bsc#1019695 bsc#1020645 bsc#1022476 bsc#1022600 bsc#1022604 bsc#1023175 bsc#1024346 bsc#1024373 bsc#1025461 bsc#1026570 bsc#1028173 bsc#1028286 bsc#1029693 bsc#1030552 bsc#1031515 bsc#1031717 bsc#1031784 bsc#1033587 bsc#1034075 bsc#1034113 bsc#1034762 bsc#1036215 bsc#1036632 bsc#1037344 bsc#1037404 bsc#1037838 bsc#1037994 bsc#1038078 bsc#1038616 bsc#1038792 bsc#1039153 bsc#1039348 bsc#1039915 bsc#1040307 bsc#1040347 bsc#1040351 bsc#1041958 bsc#1042257 bsc#1042286 bsc#1042314 bsc#1042422 bsc#1042778 bsc#1043261 bsc#1043347 bsc#1043520 bsc#1043598 bsc#1043652 bsc#1043805 bsc#1043912 bsc#1044112 bsc#1044443 bsc#1044623 bsc#1044636 bsc#1045154 bsc#1045293 bsc#1045330 bsc#1045404 bsc#1045563 bsc#1045596 bsc#1045709 bsc#1045715 bsc#1045866 bsc#1045922 bsc#1045937 bsc#1046105 bsc#1046170 bsc#1046434 bsc#1046651 bsc#1046655 bsc#1046682 bsc#1046821 bsc#1046985 bsc#1047027 bsc#1047048 bsc#1047096 bsc#1047118 bsc#1047121 bsc#1047152 bsc#1047174 bsc#1047277 bsc#1047343 bsc#1047354 bsc#1047418 bsc#1047506 bsc#1047595 bsc#1047651 bsc#1047653 bsc#1047670 bsc#1047802 bsc#1048146 bsc#1048155 bsc#1048221 bsc#1048317 bsc#1048348 bsc#1048356 bsc#1048421 bsc#1048451 bsc#1048501 bsc#1048891 bsc#1048912 bsc#1048914 bsc#1048916 bsc#1048919 bsc#1049231 bsc#1049289 bsc#1049298 bsc#1049361 bsc#1049483 bsc#1049486 bsc#1049603 bsc#1049619 bsc#1049645 bsc#1049706 bsc#1049882 bsc#1050061 bsc#1050188 bsc#1050211 bsc#1050320 bsc#1050322 bsc#1050677 bsc#1051022 bsc#1051048 bsc#1051059 bsc#1051239 bsc#1051399 bsc#1051471 bsc#1051478 bsc#1051479 bsc#1051556 bsc#1051663 bsc#1051689 bsc#1051979 bsc#1052049 bsc#1052223 bsc#1052311 bsc#1052325 bsc#1052365 bsc#1052442 bsc#1052533 bsc#1052709 bsc#1052773 bsc#1052794 bsc#1052899 bsc#1052925 bsc#1053043 bsc#1053117 bsc#964063 bsc#974215 bsc#998664
Cross-References:	CVE-2017-1000111 CVE-2017-1000112 CVE-2017-10810 CVE-2017-11473 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 CVE-2017-8831
CVSS scores:	CVE-2017-1000111 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000111 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000112 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-10810 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-10810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-10810 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11473 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-11473 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-11473 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7533 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-7533 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7533 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7541 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-7541 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7541 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7542 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-7542 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-8831 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-8831 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Availability Extension 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves eight vulnerabilities and has 150 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).
CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).
CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).
CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).
CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 bnc#1050677).
CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645).
CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).

The following non-security bugs were fixed:

acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2 (bsc#1052325).
acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).
acpi / processor: Avoid reserving IO regions too early (bsc#1051478).
acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).
Add "shutdown" to "struct class" (bsc#1053117).
af_key: Add lock to key dump (bsc#1047653).
af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).
alsa: hda - add more ML register definitions (bsc#1048356).
alsa: hda - add sanity check to force the separate stream tags (bsc#1048356).
alsa: hda: Add support for parsing new HDA capabilities (bsc#1048356).
alsa: hdac: Add support for hda DMA Resume capability (bsc#1048356).
alsa: hdac_regmap - fix the register access for runtime PM (bsc#1048356).
alsa: hda: Fix cpu lockup when stopping the cmd dmas (bsc#1048356).
alsa: hda - Fix endless loop of codec configure (bsc#1031717).
alsa: hda: fix to wait for RIRB & CORB DMA to set (bsc#1048356).
alsa: hda - Loop interrupt handling until really cleared (bsc#1048356).
alsa: hda - move bus_parse_capabilities to core (bsc#1048356).
alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).
alsa: hda - set intel audio clock to a proper value (bsc#1048356).
arm64: kernel: restrict /dev/mem read() calls to linear region (bsc#1046651).
arm64: mm: remove page_mapping check in __sync_icache_dcache (bsc#1040347).
arm64: Update config files. Disable DEVKMEM
b43: Add missing MODULE_FIRMWARE() (bsc#1037344).
bcache: force trigger gc (bsc#1038078).
bcache: only recovery I/O error for writethrough mode (bsc#1043652).
bcache: only recovery I/O error for writethrough mode (bsc#1043652).
bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).
blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)
blacklist.conf: add inapplicable commits for wifi (bsc#1031717)
blacklist.conf: add non-applicable fixes for iwlwifi (FATE#323335)
blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).
blacklist.conf: add unapplicable drm fixes (bsc#1031717).
blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning.
blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478).
blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478).
blkfront: add uevent for size change (bnc#1036632).
blk-mq: map all HWQ also in hyperthreaded system (bsc#1045866).
block: add kblock_mod_delayed_work_on() (bsc#1050211).
block: Allow bdi re-registration (bsc#1040307).
block: do not allow updates through sysfs until registration completes (bsc#1047027).
block: Fix front merge check (bsc#1051239).
block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet time (bsc#1050211).
block: Make del_gendisk() safer for disks without queues (bsc#1040307).
block: Move bdi_unregister() to del_gendisk() (bsc#1040307).
block: provide bio_uninit() free freeing integrity/task associations (bsc#1050211).
bluetooth: hidp: fix possible might sleep error in hidp_session_thread (bsc#1031784).
brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).
btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).
btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).
btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682).
btrfs: incremental send, fix invalid path for link commands (bsc#1051479).
btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479).
btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912).
btrfs: resume qgroup rescan on rw remount (bsc#1047152).
btrfs: Round down values which are written for total_bytes_size (bsc#1043912).
btrfs: send, fix invalid path after renaming and linking file (bsc#1051479).
cifs: Fix some return values in case of error in 'crypt_message' (bnc#1047802).
clocksource/drivers/arm_arch_timer: Fix read and iounmap of incorrect variable (bsc#1045937).
cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).
crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).
cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).
cxgb4: fix a NULL dereference (bsc#1005778).
cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778).
cxgb4: fix memory leak in init_one() (bsc#1005778).
cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).
dentry name snapshots (bsc#1049483).
device-dax: fix sysfs attribute deadlock (bsc#1048919).
dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670).
dm: make flush bios explicitly sync (bsc#1050211).
dm raid1: fixes two crash cases if mirror leg failed (bsc#1043520)
drivers/char: kmem: disable on arm64 (bsc#1046655).
drivers: hv: As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60 seconds (bnc#1039153)
drivers: hv: Fix a typo (fate#320485).
drivers: hv: Fix the bug in generating the guest ID (fate#320485).
drivers: hv: util: Fix a typo (fate#320485).
drivers: hv: util: Make hv_poll_channel() a little more efficient (fate#320485).
drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page (fate#320485).
drivers: hv: vmbus: Fix error code returned by vmbus_post_msg() (fate#320485).
drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112).
drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112).
drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112).
drivers: hv: vmbus: Move the code to signal end of message (fate#320485).
drivers: hv: vmbus: Move the definition of generate_guest_id() (fate#320485).
drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents (fate#320485).
drivers: hv: vmbus: Restructure the clockevents code (fate#320485).
drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions (bsc#1031717).
drm/bochs: Implement nomodeset (bsc#1047096).
drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717).
drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).
drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).
drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).
drm/vmwgfx: Fix large topology crash (bsc#1048155).
drm/vmwgfx: Support topology greater than texture size (bsc#1048155).
Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'
efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).
ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).
ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829).
Fix kABI breakage by HD-audio bus caps extensions (bsc#1048356).
Fix kABI breakage by KVM CVE fix (bsc#1045922).
fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).
fs: pass on flags in compat_writev (bsc#1050211).
fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
gcov: add support for gcc version >= 6 (bsc#1051663).
gcov: support GCC 7.1 (bsc#1051663).
gfs2: fix flock panic issue (bsc#1012829).
hpsa: limit transfer length to 1MB (bsc#1025461).
hrtimer: Catch invalid clockids again (bsc#1047651).
hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).
hv_netvsc: change netvsc device default duplex to FULL (fate#320485).
hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421).
hv_netvsc: Fix the carrier state error when data path is off (fate#320485).
hv_netvsc: Fix the queue index computation in forwarding case (bsc#1048421).
hv_netvsc: Remove unnecessary var link_state from struct netvsc_device_info (fate#320485).
hv: print extra debug in kvp_on_msg in error paths (bnc#1039153).
hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112).
hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112).
hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
hv_util: switch to using timespec64 (fate#320485).
hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105).
hyperv: fix warning about missing prototype (fate#320485).
hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary (fate#320485).
hyperv: remove unnecessary return variable (fate#320485).
i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913).
i40e: add hw struct local variable (bsc#1039915).
i40e: add private flag to control source pruning (bsc#1034075).
i40e: add VSI info to macaddr messages (bsc#1039915).
i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).
i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).
i40e: delete filter after adding its replacement when converting (bsc#1039915).
i40e: do not add broadcast filter for VFs (bsc#1039915).
i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (bsc#1039915).
i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915).
i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915).
i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915).
i40e: fix ethtool to get EEPROM data from X722 interface (bsc#104741