Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2017:0407-1
Rating:	important
References:	bsc#1003813 bsc#1005666 bsc#1007197 bsc#1008557 bsc#1008567 bsc#1008831 bsc#1008833 bsc#1008876 bsc#1008979 bsc#1009062 bsc#1009969 bsc#1010040 bsc#1010213 bsc#1010294 bsc#1010475 bsc#1010478 bsc#1010501 bsc#1010502 bsc#1010507 bsc#1010612 bsc#1010711 bsc#1010716 bsc#1011685 bsc#1012060 bsc#1012422 bsc#1012754 bsc#1012917 bsc#1012985 bsc#1013001 bsc#1013038 bsc#1013479 bsc#1013531 bsc#1013533 bsc#1013540 bsc#1013604 bsc#1014410 bsc#1014746 bsc#1016713 bsc#1016725 bsc#1016961 bsc#1017164 bsc#1017170 bsc#1017410 bsc#1017710 bsc#1018100 bsc#1019032 bsc#1019148 bsc#1019260 bsc#1019300 bsc#1019783 bsc#1019851 bsc#1020214 bsc#1020602 bsc#1021258 bsc#856380 bsc#857394 bsc#858727 bsc#921338 bsc#921778 bsc#922052 bsc#922056 bsc#923036 bsc#923037 bsc#924381 bsc#938963 bsc#972993 bsc#980560 bsc#981709 bsc#983087 bsc#983348 bsc#984194 bsc#984419 bsc#985850 bsc#987192 bsc#987576 bsc#990384 bsc#991273 bsc#993739 bsc#997807 bsc#999101
Cross-References:	CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-10088 CVE-2016-7910 CVE-2016-7911 CVE-2016-7913 CVE-2016-7914 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8645 CVE-2016-8655 CVE-2016-9083 CVE-2016-9084 CVE-2016-9555 CVE-2016-9576 CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806 CVE-2017-2583 CVE-2017-2584 CVE-2017-5551
CVSS scores:	CVE-2015-8962 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2015-8962 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2015-8963 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2015-8963 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2015-8964 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2016-10088 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-10088 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-7910 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-7910 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-7910 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-7911 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-7911 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-7913 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-7913 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-7913 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-7914 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2016-7914 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2016-8399 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-8632 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-8632 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-8633 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-8633 ( NVD ): 6.8 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-8645 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-8655 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-8655 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9083 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9083 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9084 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9555 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-9555 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-9555 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-9576 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9576 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9756 ( SUSE ): 4.1 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2016-9756 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2016-9793 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9793 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9794 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9794 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9794 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9806 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9806 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9806 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-2583 ( NVD ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-2584 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2017-5551 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2017-5551 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products:	SUSE Linux Enterprise Real Time Extension 12 SP1 SUSE Linux Enterprise Server 12 SP1

An update that solves 24 vulnerabilities and has 56 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) (bnc#1010501).
CVE-2015-8963: Fixed a race condition in kernel/events/core.c that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010502).
CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that allowed local users to obtain sensitive information from kernel memory (bnc#1010507).
CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1017710).
CVE-2016-7910: Fixed a use-after-free vulnerability in the block subsystem that allowed local users to gain privileges (bnc#1010716).
CVE-2016-7911: Fixed a race condition in the get_task_ioprio function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010711).
CVE-2016-7913: Fixed a bug in the xc2028_set_config function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010478).
CVE-2016-7914: The assoc_array_insert_into_terminal_node function did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) (bnc#1010475).
CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could have enabled a local malicious application to execute arbitrary code within the context of the kernel. (bnc#1014746).
CVE-2016-8632: The net subsystem did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) (bnc#1008831).
CVE-2016-8633: The firewire subsystem allowed remote attackers to execute arbitrary code via crafted fragmented packets in certain unusual hardware configurations (bnc#1008833).
CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) (bnc#1009969).
CVE-2016-8655: Fixed a race condition in the network subsystem that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1012754).
CVE-2016-9083: The PCI subsystem local users to bypass integer overflow checks and cause a denial of service (memory corruption) or have unspecified other impact (bnc#1007197).
CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact (bnc#1007197).
CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).
CVE-2016-9576: The block subsystem did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1013604).
CVE-2016-9756: The kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory (bnc#1013038).
CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact (bnc#1013531).
CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1013533).
CVE-2016-9806: Fixed a race condition in the netlink_dump() function which could have allowed local users to cause a denial of service (double free) or possibly have unspecified other impact (bnc#1013540).
CVE-2017-2583: kvm: x86: fixed emulation of "MOV SS, null selector" (bsc#1020602).
CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) (bnc#1019851).
CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't down. (bsc#1021258, CVE-2017-5551).

The following non-security bugs were fixed:

8250_pci: Fix potential use-after-free in error path (bsc#1013001).
block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).
bna: Add synchronization for tx ring (bsc#993739).
bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052 bsc#922056).
bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
bnx2x: fix lockdep splat (bsc#922052 bsc#922056).
btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666).
btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087).
btrfs: Revert "do not delay inode ref updates during log replay" (bsc#987192).
btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100).
btrfs: do not delay inode ref updates during log replay (bsc#987192).
btrfs: fix incremental send failure caused by balance (bsc#985850).
btrfs: fix relocation incorrectly dropping data references (bsc#990384).
btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709).
btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087).
btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).
btrfs: send, do not bug on inconsistent snapshots (bsc#985850).
cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL) (bsc#1008876).
cpuset: fix sched_load_balance that was accidentally broken in a previous update (bsc#1010294).
ext4: fix data exposure after a crash (bsc#1012985).
fs/dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194).
fuse: do not use iocb after it may have been freed (bsc#1012985).
hpilo: Add support for iLO5 (bsc#999101).
ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381 bsc#921338).
ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036).
ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727).
ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727).
ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036).
ibmveth: calculate gso_segs for large packets (bsc#1019148).
ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148).
ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).
ibmveth: set correct gso_size and gso_type (bsc#1019148).
igb: Fix oops caused by missing queue pairing (bnc#857394).
ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062).
ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).
ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963).
kabi: protect __sk_mem_reclaim (kabi).
kabi: protect struct perf_event_context (kabi).
kabi: reintroduce sk_filter (kabi).
kernel: remove broken memory detection sanity check (bnc#1008567, LTC#148072).
kgr: ignore zombie tasks during the patching (bnc#1008979).
kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612).
kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).
net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727).
net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036).
net/mlx5e: Do not modify CQ before it was created (bnc#923036).
net/mlx5e: Do not try to modify CQ moderation if it is not supported (bnc#923036).
net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036).
net/mlx5e: Remove wrong poll CQ optimization (bnc#923036).
netback: correct array index (bsc#983348).
nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410).
nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
nfsv4: Fix "NFS Lock reclaim failed" errors (bsc#1014410).
ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
posix_acl: Fixup acl reference leak and missing conversions in ext3, gfs2, jfs, hfsplus.
powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813).
proc: avoid including "mountproto=" with no protocol in /proc/mounts (bsc#1019260).
raid1: ignore discard error (bsc#1017164).
reiserfs: fix race in prealloc discard (bsc#987576).
rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060)
rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)
serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001).
sfc: clear napi_hash state when copying channels (bsc#923037).
sfc: fix potential stack corruption from running past stat bitmask (bsc#923037).
sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380).
sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917).
sunrpc: Fix reconnection timeouts (bsc#1014410).
sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410).
target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE (bsc#991273).
target: add XCOPY target/segment desc sense codes (bsc#991273).
target: bounds check XCOPY segment descriptor list (b