Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2017:2286-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: | |
Affected Products: | |
An update that solves eight vulnerabilities and has 150 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).
- CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bsc#1052311).
- CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
- CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).
- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).
- CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 bnc#1050677).
- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645).
- CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).
The following non-security bugs were fixed:
- acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2 (bsc#1052325).
- acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).
- acpi / processor: Avoid reserving IO regions too early (bsc#1051478).
- acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).
- Add "shutdown" to "struct class" (bsc#1053117).
- af_key: Add lock to key dump (bsc#1047653).
- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
- alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).
- alsa: hda - add more ML register definitions (bsc#1048356).
- alsa: hda - add sanity check to force the separate stream tags (bsc#1048356).
- alsa: hda: Add support for parsing new HDA capabilities (bsc#1048356).
- alsa: hdac: Add support for hda DMA Resume capability (bsc#1048356).
- alsa: hdac_regmap - fix the register access for runtime PM (bsc#1048356).
- alsa: hda: Fix cpu lockup when stopping the cmd dmas (bsc#1048356).
- alsa: hda - Fix endless loop of codec configure (bsc#1031717).
- alsa: hda: fix to wait for RIRB & CORB DMA to set (bsc#1048356).
- alsa: hda - Loop interrupt handling until really cleared (bsc#1048356).
- alsa: hda - move bus_parse_capabilities to core (bsc#1048356).
- alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).
- alsa: hda - set intel audio clock to a proper value (bsc#1048356).
- arm64: kernel: restrict /dev/mem read() calls to linear region (bsc#1046651).
- arm64: mm: remove page_mapping check in __sync_icache_dcache (bsc#1040347).
- arm64: Update config files. Disable DEVKMEM
- b43: Add missing MODULE_FIRMWARE() (bsc#1037344).
- bcache: force trigger gc (bsc#1038078).
- bcache: only recovery I/O error for writethrough mode (bsc#1043652).
- bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).
- blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)
- blacklist.conf: add inapplicable commits for wifi (bsc#1031717)
- blacklist.conf: add non-applicable fixes for iwlwifi (FATE#323335)
- blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).
- blacklist.conf: add unapplicable drm fixes (bsc#1031717).
- blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning.
- blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478).
- blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478).
- blkfront: add uevent for size change (bnc#1036632).
- blk-mq: map all HWQ also in hyperthreaded system (bsc#1045866).
- block: add kblock_mod_delayed_work_on() (bsc#1050211).
- block: Allow bdi re-registration (bsc#1040307).
- block: do not allow updates through sysfs until registration completes (bsc#1047027).
- block: Fix front merge check (bsc#1051239).
- block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet time (bsc#1050211).
- block: Make del_gendisk() safer for disks without queues (bsc#1040307).
- block: Move bdi_unregister() to del_gendisk() (bsc#1040307).
- block: provide bio_uninit() free freeing integrity/task associations (bsc#1050211).
- bluetooth: hidp: fix possible might sleep error in hidp_session_thread (bsc#1031784).
- brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).
- btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).
- btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).
- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682).
- btrfs: incremental send, fix invalid path for link commands (bsc#1051479).
- btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479).
- btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912).
- btrfs: resume qgroup rescan on rw remount (bsc#1047152).
- btrfs: Round down values which are written for total_bytes_size (bsc#1043912).
- btrfs: send, fix invalid path after renaming and linking file (bsc#1051479).
- cifs: Fix some return values in case of error in 'crypt_message' (bnc#1047802).
- clocksource/drivers/arm_arch_timer: Fix read and iounmap of incorrect variable (bsc#1045937).
- cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).
- crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).
- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- cxgb4: fix a NULL dereference (bsc#1005778).
- cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778).
- cxgb4: fix memory leak in init_one() (bsc#1005778).
- cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).
- dentry name snapshots (bsc#1049483).
- device-dax: fix sysfs attribute deadlock (bsc#1048919).
- dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670).
- dm: make flush bios explicitly sync (bsc#1050211).
- dm raid1: fixes two crash cases if mirror leg failed (bsc#1043520)
- drivers/char: kmem: disable on arm64 (bsc#1046655).
- drivers: hv: As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60 seconds (bnc#1039153)
- drivers: hv: Fix a typo (fate#320485).
- drivers: hv: Fix the bug in generating the guest ID (fate#320485).
- drivers: hv: util: Fix a typo (fate#320485).
- drivers: hv: util: Make hv_poll_channel() a little more efficient (fate#320485).
- drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page (fate#320485).
- drivers: hv: vmbus: Fix error code returned by vmbus_post_msg() (fate#320485).
- drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112).
- drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
- drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112).
- drivers: hv: vmbus: Move the code to signal end of message (fate#320485).
- drivers: hv: vmbus: Move the definition of generate_guest_id() (fate#320485).
- drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents (fate#320485).
- drivers: hv: vmbus: Restructure the clockevents code (fate#320485).
- drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions (bsc#1031717).
- drm/bochs: Implement nomodeset (bsc#1047096).
- drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717).
- drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).
- drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).
- drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).
- drm/vmwgfx: Fix large topology crash (bsc#1048155).
- drm/vmwgfx: Support topology greater than texture size (bsc#1048155).
- Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'
- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).
- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).
- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829).
- Fix kABI breakage by HD-audio bus caps extensions (bsc#1048356).
- Fix kABI breakage by KVM CVE fix (bsc#1045922).
- fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).
- fs: pass on flags in compat_writev (bsc#1050211).
- fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
- gcov: add support for gcc version >= 6 (bsc#1051663).
- gcov: support GCC 7.1 (bsc#1051663).
- gfs2: fix flock panic issue (bsc#1012829).
- hpsa: limit transfer length to 1MB (bsc#1025461).
- hrtimer: Catch invalid clockids again (bsc#1047651).
- hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).
- hv_netvsc: change netvsc device default duplex to FULL (fate#320485).
- hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421).
- hv_netvsc: Fix the carrier state error when data path is off (fate#320485).
- hv_netvsc: Fix the queue index computation in forwarding case (bsc#1048421).
- hv_netvsc: Remove unnecessary var link_state from struct netvsc_device_info (fate#320485).
- hv: print extra debug in kvp_on_msg in error paths (bnc#1039153).
- hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112).
- hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112).
- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
- hv_util: switch to using timespec64 (fate#320485).
- hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105).
- hyperv: fix warning about missing prototype (fate#320485).
- hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary (fate#320485).
- hyperv: remove unnecessary return variable (fate#320485).
- i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913).
- i40e: add hw struct local variable (bsc#1039915).
- i40e: add private flag to control source pruning (bsc#1034075).
- i40e: add VSI info to macaddr messages (bsc#1039915).
- i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).
- i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).
- i40e: delete filter after adding its replacement when converting (bsc#1039915).
- i40e: do not add broadcast filter for VFs (bsc#1039915).
- i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (bsc#1039915).
- i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915).
- i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915).
- i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915).
- i40e: fix ethtool to get EEPROM data from X722 interface (bsc#104741