Security update for the Linux Kernel

Announcement ID: SUSE-SU-2019:0901-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-18249 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-2024 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-2024 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3459 ( SUSE ): 2.6 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2019-3459 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-3459 ( NVD ): 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-3460 ( SUSE ): 2.6 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2019-3460 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-3460 ( NVD ): 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-6974 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2019-6974 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-6974 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-7221 ( SUSE ): 7.5 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2019-7221 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-7222 ( SUSE ): 2.8 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
  • CVE-2019-7222 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-7222 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-9213 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-9213 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-9213 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves eight vulnerabilities and has 102 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes (bnc#1129179).
  • CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
  • CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728)
  • CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).
  • CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing a guest user/process to crash the host kernel (bsc#1124732).
  • CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).
  • CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036).

The following non-security bugs were fixed:

  • acpi/nfit: Block function zero DSMs (bsc#1123321).
  • acpi, nfit: Fix ARS overflow continuation (bsc#1125000).
  • acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775).
  • acpi/nfit: Fix command-supported detection (bsc#1123323).
  • acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382).
  • acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)).
  • alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382).
  • alpha: fix page fault handling for r16-r18 targets (bnc#1012382).
  • alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).
  • alsa: compress: Fix stop handling on compressed capture streams (bnc#1012382).
  • alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382).
  • alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382).
  • alsa: hda - Serialize codec registrations (bnc#1012382).
  • alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382).
  • ARC: perf: map generic branches to correct hardware condition (bnc#1012382).
  • arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
  • arm64: ftrace: do not adjust the LR value (bnc#1012382).
  • arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382).
  • arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
  • arm64: KVM: Skip MMIO insn after emulation (bnc#1012382).
  • arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
  • ARM: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382).
  • ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment (bnc#1012382).
  • ARM: dts: da850-evm: Correct the sound card name (bnc#1012382).
  • ARM: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382).
  • ARM: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382).
  • ARM: dts: mmp2: fix TWSI2 (bnc#1012382).
  • ARM: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382).
  • ARM: OMAP2+: hwmod: Fix some section annotations (bnc#1012382).
  • ARM: pxa: avoid section mismatch warning (bnc#1012382).
  • ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382).
  • ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382).
  • ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382).
  • ata: Fix racy link clearance (bsc#1107866).
  • ax25: fix possible use-after-free (bnc#1012382).
  • batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382).
  • batman-adv: Force mac header to start of data on xmit (bnc#1012382).
  • block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435).
  • block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893).
  • block/loop: Use global lock for ioctl() operation (bnc#1012382).
  • block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).
  • bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382).
  • bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).
  • bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382).
  • btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452).
  • btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
  • btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
  • btrfs: tree-checker: Fix misleading group system information (bnc#1012382).
  • btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).
  • btrfs: validate type when reading a chunk (bnc#1012382).
  • btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
  • can: bcm: check timer values before ktime conversion (bnc#1012382).
  • can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382).
  • can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).
  • ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773).
  • ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809).
  • ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).
  • char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382).
  • ch: fixup refcounting imbalance for SCSI devices (bsc#1124235).
  • cifs: Always resolve hostname before reconnecting (bnc#1012382).
  • cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382).
  • cifs: Do not count -ENODATA as failure for query directory (bnc#1012382).
  • cifs: Do not hide EINTR after sending network packets (bnc#1012382).
  • cifs: Fix possible hang during async MTU reads and writes (bnc#1012382).
  • cifs: Fix potential OOB access of lock element array (bnc#1012382).
  • cifs: Limit memory used by lock request calls to a page (bnc#1012382).
  • clk: imx6q: reset exclusive gates on init (bnc#1012382).
  • clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382).
  • copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
  • cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#1120017).
  • cpuidle: big.LITTLE: fix refcount leak (bnc#1012382).
  • crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382).
  • crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
  • crypto: cts - fix crash on short inputs (bnc#1012382).
  • crypto: user - support incremental algorithm dumps (bsc#1120902).
  • crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382).
  • crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382).
  • cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#1012382).
  • dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382).
  • debugfs: fix debugfs_rename parameter checking (bnc#1012382).
  • device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1129770).
  • Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
  • dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#1012382).
  • dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382).
  • dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes).
  • dm crypt: factor IV constructor out to separate function (Git-fixes).
  • dm crypt: fix crash by adding missing check for auth key size (git-fixes).
  • dm crypt: fix error return code in crypt_ctr() (git-fixes).
  • dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
  • dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes).
  • dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
  • dm: do not allow readahead to limit IO size (git fixes (readahead)).
  • dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
  • dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).
  • dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#1012382).
  • Documentation/network: reword kernel version reference (bnc#1012382).
  • drbd: Avoid Clang warning about pointless switch statment (bnc#1012382).
  • drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#1012382).
  • drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382).
  • drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#1012382).
  • drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382).
  • Drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389).
  • drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382).
  • drm: Fix error handling in drm_legacy_addctx (bsc#1106929)
  • drm/i915: Block fbdev HPD processing during suspend (bsc#1106929)
  • drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1106929)
  • drm/modes: Prevent division by zero htotal (bnc#1012382).
  • drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1106929)
  • drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929)
  • drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1106929)
  • drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429)
  • drm/vmwgfx: Fix setting of dma masks (bsc#1106929)
  • drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1106929)
  • e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
  • EDAC: Raise the maximum number of memory controllers (bsc#1120722).
  • efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650).
  • enic: add wq clean up budget (bsc#1075697, bsc#1120691, bsc#1102959).
  • enic: do not overwrite error code (bnc#1012382).
  • enic: fix checksum validation for IPv6 (bnc#1012382).
  • exec: load_script: do not blindly truncate shebang string (bnc#1012382).
  • ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382).
  • ext4: Fix crash during online resizing (bsc#1122779).
  • f2fs: Add sanity_check_inode() function (bnc#1012382).
  • f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
  • f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
  • f2fs: clean up argument of recover_data (bnc#1012382).
  • f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
  • f2fs: detect wrong layout (bnc#1012382).
  • f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382).
  • f2fs: factor out fsync inode entry operations (bnc#1012382).
  • f2fs: fix inode cache leak (bnc#1012382).
  • f2fs: fix invalid memory access (bnc#1012382).
  • f2fs: fix missing up_read (bnc#1012382).
  • f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).
  • f2fs: fix to convert inline directory correctly (bnc#1012382).
  • f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
  • f2fs: fix to do sanity check with block address in main area (bnc#1012382).
  • f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382).
  • f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
  • f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
  • f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382).
  • f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
  • f2fs: fix to do sanity check with user_block_count (bnc#1012382).
  • f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382).
  • f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382).
  • f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
  • f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
  • f2fs: introduce and spread verify_blkaddr (bnc#1012382).
  • f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
  • f2fs: move dir data flush to write checkpoint process (bnc#1012382).
  • f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
  • f2fs: not allow to write illegal blkaddr (bnc#1012382).
  • f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382).
  • f2fs: read page index before freeing (bnc#1012382).
  • f2fs: remove an obsolete variable (bnc#1012382).
  • f2fs: return error during fill_super (bnc#1012382).
  • f2fs: sanity check on sit entry (bnc#1012382).
  • f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382).
  • fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929)
  • Fix incorrect value for X86_FEATURE_TSX_FORCE_ABORT
  • Fix problem with sharetransport= and NFSv4 (bsc#1114893).
  • fs: add the fsnotify call to vfs_iter_write (bnc#1012382).
  • fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (bnc#1012382).
  • fs: do not scan the inode cache before SB_BORN is set (bnc#1012382).
  • fs/epoll: drop ovflist branch prediction (bnc#1012382).
  • fs: fix lost error code in dio_complete (bsc#1117744).
  • fuse: call pipe_buf_release() under pipe lock (bnc#1012382).
  • fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382).
  • fuse: handle zero sized retrieve correctly (bnc#1012382).
  • futex: Fix (possible) missed wakeup (bsc#1050549).
  • gdrom: fix a memory leak bug (bnc#1012382).
  • gfs2: Revert "Fix loop in gfs2_rbm_find" (bnc#1012382).
  • gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
  • gpio: pl061: handle failed allocations (bnc#1012382).
  • gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929)
  • gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929)
  • HID: debug: fix the ring buffer implementation (bnc#1012382).
  • HID: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382).
  • hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382).
  • hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#1012382).
  • hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes).
  • i2c-axxia: check for error conditions first (bnc#1012382).
  • i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382).
  • IB/core: type promotion bug in rdma_rw_init_one_mr() ().
  • ibmveth: Do not process frames after calling napi_reschedule (bsc#1123357).
  • ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).
  • ibmvnic: Increase maximum queue size limit (bsc#1121726).
  • ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
  • ibmvnic: Report actual backing device speed and duplex values (bsc#1129923).
  • ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
  • IB/rxe: Fix incorrect cache cleanup in error flow ().
  • IB/rxe: replace kvfree with vfree ().
  • igb: Fix an issue that PME is not enabled during runtime suspend (bnc#1012382).
  • inet: frags: add a pointer to struct netns_frags (bnc#1012382).
  • inet: frags: better deal with smp races (bnc#1012382).
  • inet: frags: break the 2GB limit for frags storage (bnc#1012382).
  • inet: frags: change inet_frags_init_net() return value (bnc#1012382).
  • inet: frags: do not clone skb in ip_expire() (bnc#1012382).
  • inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382).
  • inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382).
  • inet: frags: get rif of inet_frag_evicting() (bnc#1012382).
  • inet: frags: refactor ipfrag_init() (bnc#1012382).
  • inet: frags: refactor ipv6_frag_init() (bnc#1012382).
  • inet: frags: refactor lowpan_net_frag_init() (bnc#1012382).
  • inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382).
  • inet: frags: remove some helpers (bnc#1012382).
  • inet: frags: reorganize struct netns_frags (bnc#1012382).
  • inet: frags: use rhashtables for reassembly units (bnc#1012382).
  • input: bma150 - register input device after setting private data (bnc#1012382).
  • input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#1012382).
  • input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#1012382).
  • input: mms114 - fix license module information (bsc#1087092).
  • input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382).
  • intel_pstate: Update frequencies of policy->cpus only from ->set_policy() (bsc#1120017).
  • iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
  • iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).
  • iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
  • iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#1012382).
  • iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237).
  • iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238).
  • iommu/vt-d: Check identity map for hot-added devices (bsc#1129239).
  • iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).
  • iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129240).
  • ip: add helpers to process in-order fragments faster (bnc#1012382).
  • ipfrag: really prevent allocation on netns exit (bnc#1012382).
  • ip: frags: fix crash in ip_do_fragment() (bnc#1012382).
  • ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
  • ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382).
  • ip: process in-order fragments efficiently (bnc#1012382).
  • ip: use rb trees for IP frag queue (bnc#1012382).
  • ipv4: frags: precedence bug in ip_expire() (bnc#1012382).
  • ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#1012382).
  • ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382).
  • ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
  • ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382).
  • ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382).
  • irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#1012382).
  • isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bnc#1012382).
  • ixgbe: fix crash in build_skb Rx code path (git-fixes).
  • jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382).
  • kABI: protect linux/kfifo.h include in hid-debug (kabi).
  • kABI: protect struct hda_bus (kabi).
  • kABI: protect struct inet_peer (kabi).
  • kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).
  • kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805).
  • kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382).
  • kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382).
  • kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382).
  • kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#1012382).
  • kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382).
  • KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
  • kvm: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS (bsc#1109248).
  • kvm: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables (bsc#1109248).
  • kvm: arm/arm64: vgic-its: Fix return value for device table restore (bsc#1109248).
  • kvm: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned value (bsc#1109248).
  • kvm: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#1129413).
  • kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129414).
  • kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129415).
  • kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129416).
  • kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1129417).
  • kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166).
  • kvm: VMX: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166).
  • kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129418).
  • kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082).
  • kvm: x86: Fix single-step debugging (bnc#1012382).
  • kvm: x86: IA32_ARCH_CAPABILITIES is always supported (bsc#1129419).
  • kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382).
  • l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382).
  • l2tp: fix reading optional fields of L2TPv3 (bnc#1012382).
  • l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382).
  • libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125810).
  • libceph: handle an empty authorize reply (bsc#1126772).
  • libnvdimm: fix ars_status output length calculation (bsc#1124777).
  • libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811).
  • libnvdimm: Use max contiguous area for namespace size (bsc#1124780).
  • locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).
  • loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382).
  • loop: Fold __loop_release into loop_release (bnc#1012382).
  • loop: Get rid of loop_index_mutex (bnc#1012382).
  • LSM: Check for NULL cred-security on free (bnc#1012382).
  • mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#1012382).
  • mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382).
  • md: batch flush requests (bsc#1119680).
  • mdio_bus: Fix use-after-free on device_register fails (git-fixes).
  • media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382).
  • media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382).
  • media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382).
  • media: vb2: be sure to unlock mutex on errors (bnc#1012382).
  • media: vb2: vb2_mmap: move lock up (bnc#1012382).
  • media: vivid: fix error handling of kthread_run (bnc#1012382).
  • media: vivid: set min width/height to a value > 0 (bnc#1012382).
  • memstick: Prevent memstick host from getting runtime suspended during card detection (bnc#1012382).
  • mfd: as3722: Handle interrupts on suspend (bnc#1012382).
  • mfd: as3722: Mark PM functions as __maybe_unused (bnc#1012382).
  • mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
  • misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382).
  • mISDN: fix a race in dev_expire_timer() (bnc#1012382).
  • mlxsw: pci: Correctly determine if descriptor queue is full (git-fixes).
  • mlxsw: reg: Use correct offset in field definiton (git-fixes).
  • mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
  • mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).
  • mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382).
  • mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL (bnc#1012382).
  • mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731).
  • mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (bnc#1012382).
  • mm: only report isolation failures when offlining memory (generic hotplug debugability).
  • mm, oom: fix use-after-free in oom_kill_process (bnc#1012382).
  • mm, page_alloc: drop should_suppress_show_mem (bn