Security update for the Linux Kernel

Announcement ID: SUSE-SU-2020:3484-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-0430 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-0430 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-12351 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-12351 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-12352 ( SUSE ): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2020-12352 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-14351 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-14351 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-16120 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-16120 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-25212 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-25212 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-25285 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-25285 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-25645 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-25645 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-25656 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-25656 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-25668 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-25668 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-25669 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-25669 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2020-25704 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-25704 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-25705 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • CVE-2020-25705 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • CVE-2020-8694 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-8694 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • Public Cloud Module 15-SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • SUSE Manager Proxy 4.0
  • SUSE Manager Retail Branch Server 4.0
  • SUSE Manager Server 4.0

An update that solves 15 vulnerabilities and has 75 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782).
  • CVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415).
  • CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).
  • CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).
  • CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).
  • CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
  • CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).
  • CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).
  • CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
  • CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).
  • CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724).
  • CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka "BleedingTooth" (bsc#1177725).
  • CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381).
  • CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).

The following non-security bugs were fixed:

  • 9P: Cast to loff_t before multiplying (git-fixes).
  • acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).
  • ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).
  • ACPI: dock: fix enum-conversion warning (git-fixes).
  • ACPI / extlog: Check for RDMSR failure (git-fixes).
  • ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).
  • ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).
  • ALSA: bebob: potential info leak in hwdep_read() (git-fixes).
  • ALSA: compress_offload: remove redundant initialization (git-fixes).
  • ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).
  • ALSA: core: pcm: simplify locking for timers (git-fixes).
  • ALSA: core: timer: clarify operator precedence (git-fixes).
  • ALSA: core: timer: remove redundant assignment (git-fixes).
  • ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).
  • ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).
  • ALSA: hda - Do not register a cb func if it is registered already (git-fixes).
  • ALSA: hda - Fix the return value if cb func is already registered (git-fixes).
  • ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).
  • ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).
  • ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).
  • ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).
  • ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).
  • ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).
  • ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).
  • ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).
  • ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).
  • ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).
  • ALSA: usb-audio: fix spelling mistake "Frequence" -> "Frequency" (git-fixes).
  • amd-xgbe: Add a check for an skb in the timestamp path (git-fixes).
  • amd-xgbe: Add additional dynamic debug messages (git-fixes).
  • amd-xgbe: Add additional ethtool statistics (git-fixes).
  • amd-xgbe: Add ethtool show/set channels support (git-fixes).
  • amd-xgbe: Add ethtool show/set ring parameter support (git-fixes).
  • amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes).
  • amd-xgbe: Add hardware features debug output (git-fixes).
  • amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes).
  • amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes).
  • amd-xgbe: Add per queue Tx and Rx statistics (git-fixes).
  • amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes).
  • amd-xgbe: Always attempt link training in KR mode (git-fixes).
  • amd-xgbe: Be sure driver shuts down cleanly on module removal (git-fixes).
  • amd-xgbe: Convert to generic power management (git-fixes).
  • amd-xgbe: Fix debug output of max channel counts (git-fixes).
  • amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes).
  • amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes).
  • amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes).
  • amd-xgbe: fix spelling mistake: "avialable" -> "available" (git-fixes).
  • amd-xgbe: Handle return code from software reset function (git-fixes).
  • amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes).
  • amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes).
  • amd-xgbe: Limit the I2C error messages that are output (git-fixes).
  • amd-xgbe: Mark expected switch fall-throughs (git-fixes).
  • amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes).
  • amd-xgbe: Prepare for ethtool set-channel support (git-fixes).
  • amd-xgbe: Read and save the port property registers during probe (git-fixes).
  • amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes).
  • amd-xgbe: remove unnecessary conversion to bool (git-fixes).
  • amd-xgbe: Remove use of comm_owned field (git-fixes).
  • amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes).
  • amd-xgbe: Simplify the burst length settings (git-fixes).
  • amd-xgbe: use devm_platform_ioremap_resource() to simplify code (git-fixes).
  • amd-xgbe: use dma_mapping_error to check map errors (git-fixes).
  • amd-xgbe: Use __napi_schedule() in BH context (git-fixes).
  • amd-xgbe: Use the proper register during PTP initialization (git-fixes).
  • ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).
  • ASoC: qcom: lpass-platform: fix memory leak (git-fixes).
  • ata: sata_rcar: Fix DMA boundary mask (git-fixes).
  • ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).
  • ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).
  • ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).
  • ath10k: provide survey info as accumulated data (git-fixes).
  • ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).
  • ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).
  • ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).
  • ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).
  • backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).
  • blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).
  • block: ensure bdi->io_pages is always initialized (bsc#1177749).
  • Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).
  • Bluetooth: Only mark socket zapped after unlocking (git-fixes).
  • bnxt: do not enable NAPI until rings are ready (networking-stable-20_09_11).
  • bnxt_en: Check for zero dir entries in NVRAM (networking-stable-20_09_11).
  • bpf: Zero-fill re-used per-cpu map element (git-fixes).
  • brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).
  • brcmfmac: check ndev pointer (git-fixes).
  • brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).
  • btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687).
  • btrfs: do not force read-only after error in drop snapshot (bsc#1176354).
  • btrfs: do not set the full sync flag on the inode during page release (bsc#1177687).
  • btrfs: fix incorrect updating of log root tree (bsc#1177687).
  • btrfs: fix race between page release and a fast fsync (bsc#1177687).
  • btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687).
  • btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).
  • btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).
  • btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).
  • btrfs: reduce contention on log trees when logging checksums (bsc#1177687).
  • btrfs: release old extent maps during page release (bsc#1177687).
  • btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687).
  • btrfs: remove root usage from can_overcommit (bsc#1131277).
  • btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687).
  • btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560).
  • btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).
  • bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes).
  • can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).
  • can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes).
  • can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).
  • can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).
  • can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).
  • can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).
  • can: peak_usb: add range checking in decode operations (git-fixes).
  • can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).
  • can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).
  • can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).
  • ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234).
  • ceph: map snapid to anonymous bdev ID (bsc#1178234).
  • ceph: promote to unsigned long long before shifting (bsc#1178187).
  • clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).
  • clk: at91: remove the checking of parent_name (git-fixes).
  • clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).
  • clk: imx8mq: Fix usdhc parents order (git-fixes).
  • clk: ti: clockdomain: fix static checker warning (git-fixes).
  • coredump: fix crash when umh is disabled (bsc#1177753).
  • crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).
  • crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes).
  • crypto: ccp - fix error handling (git-fixes).
  • crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes).
  • crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes).
  • crypto: omap-sham - fix digcnt register handling with export/import (git-fixes).
  • cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).
  • cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).
  • device property: Do not clear secondary pointer for shared primary firmware node (git-fixes).
  • device property: Keep secondary firmware node secondary by type (git-fixes).
  • Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not really useful for KMP, and rather confusing, so let's disable it at building out-of-tree codes
  • dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).
  • docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
  • drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).
  • drivers: net: add missing interrupt.h include (git-fixes).
  • drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes).
  • drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes).
  • drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes).
  • drm/amdgpu: do not map BO in reserved region (git-fixes).
  • drm/amdgpu: prevent double kfree ttm->sg (git-fixes).
  • drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes).
  • drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes).
  • drm/gma500: fix error check (git-fixes).
  • drm/i915: Break up error capture compression loops with cond_resched() (git-fixes).
  • drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes).
  • drm/imx: tve remove extraneous type qualifier (git-fixes).
  • drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes).
  • drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).
  • drm/sun4i: mixer: Extend regmap max_register (git-fixes).
  • drm/ttm: fix eviction valuable range check (git-fixes).
  • drm/vc4: drv: Add error handding for bind (git-fixes).
  • Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838).
  • ea43d9709f72 ("nvme: fix identify error status silent ignore")
  • EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178).
  • eeprom: at25: set minimum read/write access stride to 1 (git-fixes).
  • efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes).
  • Fix use after free in get_capset_info callback (git-fixes).
  • ftrace: Fix recursion check for NMI test (git-fixes).
  • ftrace: Handle tracing when switching between context (git-fixes).
  • gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).
  • gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).
  • HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes).
  • HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes).
  • hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820).
  • hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820).
  • hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820).
  • hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).
  • i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).
  • i2c: meson: fix clock setting overwrite (git-fixes).
  • ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).
  • ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).
  • ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).
  • ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).
  • icmp: randomize the global rate limiter (git-fixes).
  • iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes).
  • iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes).
  • iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).
  • iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).
  • iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).
  • iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes).
  • iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).
  • iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes).
  • ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes).
  • include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)).
  • Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).
  • Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes).
  • Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (git-fixes).
  • Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes).
  • Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).
  • Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).
  • Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes).
  • iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).
  • iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).
  • ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24).
  • ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes).
  • iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).
  • kbuild: enforce -Werror=return-type (bsc#1177281).
  • kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.
  • kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).
  • leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).
  • leds: mt6323: move period calculation (git-fixes).
  • libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178188).
  • libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).
  • lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).
  • livepatch: Test if -fdump-ipa-clones is really available
  • mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes).
  • mac80211: handle lack of sband->bitrates in rates (git-fixes).
  • macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).
  • mailbox: avoid timer start from callback (git-fixes).
  • media: ati_remote: sanity check for both endpoints (git-fixes).
  • media: bdisp: Fix runtime PM imbalance on error (git-fixes).
  • media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).
  • media: exynos4-is: Fix a reference count leak (git-fixes).
  • media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).
  • media: firewire: fix memory leak (git-fixes).
  • media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes).
  • media: media/pci: prevent memory leak in bttv_probe (git-fixes).
  • media: omap3isp: Fix memleak in isp_probe (git-fixes).
  • media: platform: fcp: Fix a reference count leak (git-fixes).
  • media: platform: Improve queue set up flow for bug fixing (git-fixes).
  • media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).
  • media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).
  • media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" (git-fixes).
  • media: s5p-mfc: Fix a reference count leak (git-fixes).
  • media: saa7134: avoid a shift overflow (git-fixes).
  • media: st-delta: Fix reference count leak in delta_run_work (git-fixes).
  • media: sti: Fix reference count leaks (git-fixes).
  • media: tc358743: initialize variable (git-fixes).
  • media: ti-vpe: Fix a missing check and reference count leak (git-fixes).
  • media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes).
  • media: tw5864: check status of tw5864_frameinterval_get (git-fixes).
  • media: usbtv: Fix refcounting mixup (git-fixes).
  • media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).
  • media: vsp1: Fix runtime PM imbalance on error (git-fixes).
  • memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703).
  • memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes).
  • memory: omap-gpmc: Fix a couple off by ones (git-fixes).
  • mfd: sm501: Fix leaks in probe() (git-fixes).
  • mic: vop: copy data to kernel space then write to io memory (git-fixes).
  • misc: mic: scif: Fix error handling path (git-fixes).
  • misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).
  • misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).
  • mlx5 PPC ringsize workaround (bsc#1173432).
  • mlx5: remove support for ib_get_vector_affinity (bsc#1174748).
  • mmc: core: do not set limits.discard_granularity as 0 (git-fixes).
  • mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).
  • mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
  • mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).
  • mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).
  • mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)).
  • mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)).
  • mm/memcg: fix refcount error while moving and swapping (bsc#1178686).
  • mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685).
  • mm/m