Security update for the Linux Kernel

Announcement ID: SUSE-SU-2019:1532-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2018-17972 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2018-7191 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-7191 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11190 ( SUSE ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11190 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11477 ( SUSE ): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2019-11477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11477 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11478 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-11478 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-11479 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11479 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-11486 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11486 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11486 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11815 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11815 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11815 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11833 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11833 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11833 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11884 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-11884 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-11884 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-12382 ( SUSE ): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-12382 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-3846 ( SUSE ): 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3846 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3846 ( NVD ): 8.0 CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2019-5489 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2019-5489 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE CaaS Platform 3.0
  • SUSE Container as a Service Platform 1.0
  • SUSE Container as a Service Platform 2.0
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise High Availability Extension 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Live Patching 12-SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3
  • SUSE Linux Enterprise Software Development Kit 12 SP3
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves 13 vulnerabilities and has 73 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic.
  • CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
  • CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power.
  • CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)
  • CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)
  • CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)
  • CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)
  • CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
  • CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() was called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1132472)
  • CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)
  • CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)
  • CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)
  • CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188)

The following non-security bugs were fixed:

  • 9p locks: add mount option for lock retry interval (bnc#1012382).
  • 9p: do not trust pdu content for stat item size (bnc#1012382).
  • X.509: unpack RSA signatureValue field from BIT STRING (git-fixes).
  • acpi / sbs: Fix GPE storm on recent MacBookPro's (bnc#1012382).
  • alsa: core: Fix card races between register and disconnect (bnc#1012382).
  • alsa: echoaudio: add a check for ioremap_nocache (bnc#1012382).
  • alsa: info: Fix racy addition/deletion of nodes (bnc#1012382).
  • alsa: line6: use dynamic buffers (bnc#1012382).
  • alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bnc#1012382).
  • alsa: pcm: check if ops are defined before suspending PCM (bnc#1012382).
  • alsa: sb8: add a check for request_region (bnc#1012382).
  • alsa: seq: Fix OOB-reads from strlcpy (bnc#1012382).
  • appletalk: Fix compile regression (bnc#1012382).
  • appletalk: Fix use-after-free in atalk_proc_exit (bnc#1012382).
  • arm64/kernel: do not ban ADRP to work around Cortex-A53 erratum #843419 (bsc#1126040).
  • arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1126040).
  • arm64: Add helper to decode register from instruction (bsc#1126040).
  • arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug signals (bnc#1012382).
  • arm64: debug: Ensure debug handlers check triggering exception level (bnc#1012382).
  • arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (bnc#1012382).
  • arm64: futex: Restore oldval initialization to work around buggy compilers (bnc#1012382).
  • arm64: module-plts: factor out PLT generation code for ftrace (bsc#1126040).
  • arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1126040).
  • arm64: module: split core and init PLT sections (bsc#1126040).
  • arm: 8833/1: Ensure that NEON code always compiles with Clang (bnc#1012382).
  • arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bnc#1012382).
  • arm: 8840/1: use a raw_spinlock_t in unwind (bnc#1012382).
  • arm: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012382).
  • arm: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382).
  • arm: dts: pfla02: increase phy reset duration (bnc#1012382).
  • arm: iop: do not use using 64-bit DMA masks (bnc#1012382).
  • arm: orion: do not use using 64-bit DMA masks (bnc#1012382).
  • arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bnc#1012382).
  • asoc: Intel: avoid Oops if DMA setup fails (bnc#1012382).
  • asoc: cs4270: Set auto-increment bit for register writes (bnc#1012382).
  • asoc: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bnc#1012382).
  • asoc: fsl_esai: fix channel swap issue when stream starts (bnc#1012382).
  • asoc: tlv320aic32x4: Fix Common Pins (bnc#1012382).
  • asoc:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382).
  • backlight: lm3630a: Return 0 on success in update_status functions (bsc#1106929)
  • bcache: Move couple of functions to sysfs.c (bsc#1130972).
  • bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
  • bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
  • bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972).
  • bcache: add MODULE_DESCRIPTION information (bsc#1130972).
  • bcache: add a comment in super.c (bsc#1130972).
  • bcache: add code comments for bset.c (bsc#1130972).
  • bcache: add comment for cache_set->fill_iter (bsc#1130972).
  • bcache: add identifier names to arguments of function definitions (bsc#1130972).
  • bcache: add missing SPDX header (bsc#1130972).
  • bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).
  • bcache: add static const prefix to char * array declarations (bsc#1130972).
  • bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).
  • bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
  • bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).
  • bcache: comment on direct access to bvec table (bsc#1130972).
  • bcache: correct dirty data statistics (bsc#1130972).
  • bcache: do not assign in if condition in bcache_device_init() (bsc#1130972).
  • bcache: do not assign in if condition in bcache_init() (bsc#1130972).
  • bcache: do not assign in if condition register_bcache() (bsc#1130972).
  • bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).
  • bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).
  • bcache: do not clone bio in bch_data_verify (bsc#1130972).
  • bcache: do not mark writeback_running too early (bsc#1130972).
  • bcache: export backing_dev_name via sysfs (bsc#1130972).
  • bcache: export backing_dev_uuid via sysfs (bsc#1130972).
  • bcache: fix code comments style (bsc#1130972).
  • bcache: fix indent by replacing blank by tabs (bsc#1130972).
  • bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).
  • bcache: fix input integer overflow of congested threshold (bsc#1130972).
  • bcache: fix input overflow to cache set sysfs file io_error_halflife (bnc#1012382).
  • bcache: fix input overflow to journal_delay_ms (bsc#1130972).
  • bcache: fix input overflow to sequential_cutoff (bnc#1012382).
  • bcache: fix input overflow to writeback_delay (bsc#1130972).
  • bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
  • bcache: fix ioctl in flash device (bsc#1130972).
  • bcache: fix mistaken code comments in bcache.h (bsc#1130972).
  • bcache: fix mistaken comments in request.c (bsc#1130972).
  • bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).
  • bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).
  • bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
  • bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).
  • bcache: improve sysfs_strtoul_clamp() (bnc#1012382).
  • bcache: introduce force_wake_up_gc() (bsc#1130972).
  • bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).
  • bcache: move open brace at end of function definitions to next line (bsc#1130972).
  • bcache: never writeback a discard operation (bsc#1130972).
  • bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).
  • bcache: option to automatically run gc thread after writeback (bsc#1130972).
  • bcache: panic fix for making cache device (bsc#1130972).
  • bcache: prefer 'help' in Kconfig (bsc#1130972).
  • bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
  • bcache: recal cached_dev_sectors on detach (bsc#1130972).
  • bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
  • bcache: remove unused bch_passthrough_cache (bsc#1130972).
  • bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
  • bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
  • bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
  • bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
  • bcache: replace printk() by pr_*() routines (bsc#1130972).
  • bcache: set writeback_percent in a flexible range (bsc#1130972).
  • bcache: split combined if-condition code into separate ones (bsc#1130972).
  • bcache: stop using the deprecated get_seconds() (bsc#1130972).
  • bcache: style fix to add a blank line after declarations (bsc#1130972).
  • bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
  • bcache: style fixes for lines over 80 characters (bsc#1130972).
  • bcache: trace missed reading by cache_missed (bsc#1130972).
  • bcache: treat stale and dirty keys as bad keys (bsc#1130972).
  • bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
  • bcache: update comment for bch_data_insert (bsc#1130972).
  • bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).
  • bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).
  • bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
  • bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
  • bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).
  • bcache: writeback: properly order backing device IO (bsc#1130972).
  • binfmt_elf: switch to new creds when switching to new mm (bnc#1012382).
  • bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382).
  • block: check_events: do not bother with events if unsupported (bsc#1110946).
  • block: disk_events: introduce event flags (bsc#1110946).
  • block: do not leak memory in bio_copy_user_iov() (bnc#1012382).
  • block: fix use-after-free on gendisk (bsc#1136448).
  • bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bnc#1012382).
  • bluetooth: Fix decrementing reference count twice in releasing socket (bnc#1012382).
  • bnxt_en: Improve multicast address setup logic (bnc#1012382).
  • bonding: fix arp_validate toggling in active-backup mode (bnc#1012382).
  • bonding: fix event handling for stacked bonds (bnc#1012382).
  • bonding: show full hw address in sysfs for slave entries (bnc#1012382).
  • bpf: reject wrong sized filters earlier (bnc#1012382).
  • bridge: Fix error path for kobject_init_and_add() (bnc#1012382).
  • btrfs: Do not panic when we can't find a root key (bsc#1112063).
  • btrfs: Factor out common delayed refs init code (bsc#1134813).
  • btrfs: Introduce init_delayed_ref_head (bsc#1134813).
  • btrfs: Open-code add_delayed_data_ref (bsc#1134813).
  • btrfs: Open-code add_delayed_tree_ref (bsc#1134813).
  • btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).
  • btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).
  • btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).
  • btrfs: add a helper to return a head ref (bsc#1134813).
  • btrfs: breakout empty head cleanup to a helper (bsc#1134813).
  • btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).
  • btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
  • btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
  • btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
  • btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).
  • btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).
  • btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).
  • btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).
  • btrfs: move all ref head cleanup to the helper function (bsc#1134813).
  • btrfs: move extent_op cleanup to a helper (bsc#1134813).
  • btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).
  • btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806).
  • btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).
  • btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).
  • btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).
  • btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1134338).
  • btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1134651).
  • btrfs: remove delayed_ref_node from ref_head (bsc#1134813).
  • btrfs: split delayed ref head initialization and addition (bsc#1134813).
  • btrfs: track refs in a rb_tree instead of a list (bsc#1134813).
  • cdc-acm: cleaning up debug in data submission path (bsc#1136539).
  • cdc-acm: fix race between reset and control messaging (bsc#1106110).
  • cdc-acm: handle read pipe errors (bsc#1135878).
  • cdc-acm: reassemble fragmented notifications (bsc#1136590).
  • cdc-acm: store in and out pipes in acm structure (bsc#1136575).
  • cdrom: Fix race condition in cdrom_sysctl_register (bnc#1012382).
  • ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134564).
  • ceph: fix ci->i_head_snapc leak (bsc#1122776).
  • ceph: fix use-after-free on symlink traversal (bsc#1134565).
  • ceph: only use d_name directly when parent is locked (bsc#1134566).
  • cifs: Fix NULL pointer dereference of devname (bnc#1012382).
  • cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382).
  • cifs: fallback to older infolevels on findfirst queryinfo retry (bnc#1012382).
  • cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
  • cifs: use correct format characters (bnc#1012382).
  • clk: fix mux clock documentation (bsc#1090888).
  • coresight: etm4x: Add support to enable ETMv4.2 (bnc#1012382).
  • cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382 bsc#1112178).
  • cpupower: remove stringop-truncation waring (bsc#1119086).
  • crypto: crypto4xx - properly set IV after de- and encrypt (bnc#1012382).
  • crypto: sha256/arm - fix crash bug in Thumb2 build (bnc#1012382).
  • crypto: sha512/arm - fix crash bug in Thumb2 build (bnc#1012382).
  • crypto: vmx - CTR: always increment IV as quadword (bsc#1135661, bsc#1137162).
  • crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661, bsc#1137162).
  • crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162).
  • crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162).
  • crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661, bsc#1137162).
  • crypto: x86/poly1305 - fix overflow during partial reduction (bnc#1012382).
  • debugfs: fix use-after-free on symlink traversal (bnc#1012382).
  • device_cgroup: fix RCU imbalance in error case (bnc#1012382).
  • dm thin: add sanity checks to thin-pool and external snapshot creation (bnc#1012382).
  • dmaengine: imx-dma: fix warning comparison of distinct pointer types (bnc#1012382).
  • dmaengine: tegra: avoid overflow of byte tracking (bnc#1012382).
  • documentation: Add MDS vulnerability documentation (bnc#1012382).
  • documentation: Add nospectre_v1 parameter (bnc#1012382).
  • documentation: Correct the possible MDS sysfs values (bnc#1012382).
  • documentation: Move L1TF to separate directory (bnc#1012382).
  • drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl (bnc#1012382).
  • drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl (bnc#1012382).
  • drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929)
  • drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bnc#1012382).
  • drm/fb-helper: dpms_legacy(): Only set on connectors in use (bnc#1106929)
  • drm/i915: Fix I915_EXEC_RING_MASK (bnc#1106929)
  • drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929)
  • drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)
  • drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1106929)
  • drm/vc4: Account for interrupts in flight (bsc#1106929)
  • drm/vc4: Allocate the right amount of space for boot-time CRTC state.