Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2019:0470-1
Rating:	important
References:	bsc#1012382 bsc#1023175 bsc#1087036 bsc#1094823 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896 bsc#1106105 bsc#1106929 bsc#1107866 bsc#1109695 bsc#1114893 bsc#1116653 bsc#1119680 bsc#1120722 bsc#1120758 bsc#1120902 bsc#1121726 bsc#1122650 bsc#1122651 bsc#1122779 bsc#1122885 bsc#1123321 bsc#1123323 bsc#1123357
Cross-References:	CVE-2017-18249 CVE-2019-3459 CVE-2019-3460
CVSS scores:	CVE-2017-18249 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-3459 ( SUSE ): 2.6 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-3459 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-3459 ( NVD ): 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-3460 ( SUSE ): 2.6 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-3460 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-3460 ( NVD ): 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Real Time 12 SP3 SUSE Linux Enterprise Server 12 SP3

An update that solves three vulnerabilities and has 24 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 realtime kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2017-18249: Fixed tracking on allocated nid in the add_free_nid function fs/f2fs/node.c, which previously allowed local users to cause a denial of service (bnc#1087036).
• CVE-2019-3459: Fixed remote heap address information leak in use of l2cap_get_conf_opt (bnc#1120758).
• CVE-2019-3460: Fixed remote data leak in multiple location in the function l2cap_parse_conf_rsp (bnc#1120758).

The following non-security bugs were fixed:

• Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
• Fix problem with sharetransport= and NFSv4 (bsc#1114893).
• Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
• Yama: Check for pid death before checking ancestry (bnc#1012382).
• acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)).
• acpi/nfit: Block function zero DSMs (bsc#1123321).
• acpi/nfit: Fix command-supported detection (bsc#1123323).
• acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382).
• alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).
• alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382).
• arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
• arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
• arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
• ata: Fix racy link clearance (bsc#1107866).
• block/loop: Use global lock for ioctl() operation (bnc#1012382).
• block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).
• Btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).
• Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
• Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
• Btrfs: tree-checker: Fix misleading group system information (bnc#1012382).
• Btrfs: validate type when reading a chunk (bnc#1012382).
• Btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
• can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).
• cifs: Do not hide EINTR after sending network packets (bnc#1012382).
• cifs: Fix potential OOB access of lock element array (bnc#1012382).
• clk: imx6q: reset exclusive gates on init (bnc#1012382).
• crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
• crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382).
• crypto: cts - fix crash on short inputs (bnc#1012382).
• crypto: user - support incremental algorithm dumps (bsc#1120902).
• dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes).
• dm crypt: factor IV constructor out to separate function (Git-fixes).
• dm crypt: fix crash by adding missing check for auth key size (git-fixes).
• dm crypt: fix error return code in crypt_ctr() (git-fixes).
• dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
• dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes).
• dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
• dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
• dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).
• dm: do not allow readahead to limit IO size (git fixes (readahead)).
• e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
• edac: Raise the maximum number of memory controllers (bsc#1120722).
• efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650).
• ext4: Fix crash during online resizing (bsc#1122779).
• ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382).
• f2fs: Add sanity_check_inode() function (bnc#1012382).
• f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
• f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
• f2fs: clean up argument of recover_data (bnc#1012382).
• f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
• f2fs: detect wrong layout (bnc#1012382).
• f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382).
• f2fs: factor out fsync inode entry operations (bnc#1012382).
• f2fs: fix inode cache leak (bnc#1012382).
• f2fs: fix invalid memory access (bnc#1012382).
• f2fs: fix missing up_read (bnc#1012382).
• f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).
• f2fs: fix to convert inline directory correctly (bnc#1012382).
• f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
• f2fs: fix to do sanity check with block address in main area (bnc#1012382).
• f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382).
• f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
• f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
• f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382).
• f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
• f2fs: fix to do sanity check with user_block_count (bnc#1012382).
• f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382).
• f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
• f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
• f2fs: introduce and spread verify_blkaddr (bnc#1012382).
• f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
• f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
• f2fs: not allow to write illegal blkaddr (bnc#1012382).
• f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382).
• f2fs: remove an obsolete variable (bnc#1012382).
• f2fs: return error during fill_super (bnc#1012382).
• f2fs: sanity check on sit entry (bnc#1012382).
• f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382).
• gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
• i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382).
• ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).
• ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).
• ibmvnic: Increase maximum queue size limit (bsc#1121726).
• ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
• iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
• iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).
• iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
• iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).
• ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382).
• ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
• ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382).
• ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382).
• ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
• jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382).
• kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).
• kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382).
• kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382).
• loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382).
• loop: Fold __loop_release into loop_release (bnc#1012382).
• loop: Get rid of loop_index_mutex (bnc#1012382).
• lsm: Check for NULL cred-security on free (bnc#1012382).
• md: batch flush requests (bsc#1119680).
• media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382).
• media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382).
• media: vb2: be sure to unlock mutex on errors (bnc#1012382).
• media: vb2: vb2_mmap: move lock up (bnc#1012382).
• media: vivid: fix error handling of kthread_run (bnc#1012382).
• media: vivid: set min width/height to a value > 0 (bnc#1012382).
• mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
• mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382).
• mips: fix n32 compat_ipc_parse_version (bnc#1012382).
• mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382).
• mm, slab: faster active and free stats (bsc#1116653, VM Performance).
• mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance).
• mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382).
• mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance).
• mm: only report isolation failures when offlining memory (generic hotplug debugability).
• mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
• net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382).
• net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).
• net: speed up skb_rbtree_purge() (bnc#1012382).
• ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).
• omap2fb: Fix stack memory disclosure (bsc#1106929)
• packet: Do not leak dev refcounts on error exit (bnc#1012382).
• pci: altera: Check link status before retrain link (bnc#1012382).
• pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).
• pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382).
• pci: altera: Poll for link training status after retraining the link (bnc#1012382).
• pci: altera: Poll for link up status after retraining the link (bnc#1012382).
• pci: altera: Reorder read/write functions (bnc#1012382).
• pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382).
• perf intel-pt: Fix error with config term "pt=0" (bnc#1012382).
• perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).
• perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).
• platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382).
• powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).
• powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).
• powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).
• powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
• powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
• powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
• powerpc/smp: Rework CPU topology construction (bsc#1109695).
• powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
• powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
• powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695).
• powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).
• powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).
• proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).
• pstore/ram: Do not treat empty buffers as valid (bnc#1012382).
• r8169: Add support for new Realtek Ethernet (bnc#1012382).
• scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).
• scsi: sd: Fix cache_type_store() (bnc#1012382).
• scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382).
• sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).
• selinux: fix GPF on invalid policy (bnc#1012382).
• slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382).
• sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).
• sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).
• tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).
• tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).
• tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).
• tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).
• tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).
• tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).
• usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382).
• usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).
• usb: storage: add quirk for SMI SM3350 (bnc#1012382).
• usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382).
• writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).
• x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Real Time 12 SP3
  zypper in -t patch SUSE-SLE-RT-12-SP3-2019-470=1

Package List:

• SUSE Linux Enterprise Real Time 12 SP3 (x86_64)
  • dlm-kmp-rt-debuginfo-4.4.172-3.35.1
  • dlm-kmp-rt-4.4.172-3.35.1
  • kernel-rt-debuginfo-4.4.172-3.35.1
  • kernel-rt_debug-debugsource-4.4.172-3.35.1
  • ocfs2-kmp-rt-4.4.172-3.35.1
  • gfs2-kmp-rt-debuginfo-4.4.172-3.35.1
  • kernel-rt-base-4.4.172-3.35.1
  • ocfs2-kmp-rt-debuginfo-4.4.172-3.35.1
  • cluster-md-kmp-rt-debuginfo-4.4.172-3.35.1
  • kernel-rt_debug-devel-4.4.172-3.35.1
  • gfs2-kmp-rt-4.4.172-3.35.1
  • kernel-rt-devel-4.4.172-3.35.1
  • kernel-syms-rt-4.4.172-3.35.1
  • kernel-rt-base-debuginfo-4.4.172-3.35.1
  • kernel-rt-debugsource-4.4.172-3.35.1
  • kernel-rt_debug-devel-debuginfo-4.4.172-3.35.1
  • cluster-md-kmp-rt-4.4.172-3.35.1
  • kernel-rt_debug-debuginfo-4.4.172-3.35.1
• SUSE Linux Enterprise Real Time 12 SP3 (noarch)
  • kernel-source-rt-4.4.172-3.35.1
  • kernel-devel-rt-4.4.172-3.35.1
• SUSE Linux Enterprise Real Time 12 SP3 (nosrc x86_64)
  • kernel-rt-4.4.172-3.35.1
• SUSE Linux Enterprise Real Time 12 SP3 (nosrc)
  • kernel-rt_debug-4.4.172-3.35.1

References:

• https://www.suse.com/security/cve/CVE-2017-18249.html
• https://www.suse.com/security/cve/CVE-2019-3459.html
• https://www.suse.com/security/cve/CVE-2019-3460.html
• https://bugzilla.suse.com/show_bug.cgi?id=1012382
• https://bugzilla.suse.com/show_bug.cgi?id=1023175
• https://bugzilla.suse.com/show_bug.cgi?id=1087036
• https://bugzilla.suse.com/show_bug.cgi?id=1094823
• https://bugzilla.suse.com/show_bug.cgi?id=1102875
• https://bugzilla.suse.com/show_bug.cgi?id=1102877
• https://bugzilla.suse.com/show_bug.cgi?id=1102879
• https://bugzilla.suse.com/show_bug.cgi?id=1102882
• https://bugzilla.suse.com/show_bug.cgi?id=1102896
• https://bugzilla.suse.com/show_bug.cgi?id=1106105
• https://bugzilla.suse.com/show_bug.cgi?id=1106929
• https://bugzilla.suse.com/show_bug.cgi?id=1107866
• https://bugzilla.suse.com/show_bug.cgi?id=1109695
• https://bugzilla.suse.com/show_bug.cgi?id=1114893
• https://bugzilla.suse.com/show_bug.cgi?id=1116653
• https://bugzilla.suse.com/show_bug.cgi?id=1119680
• https://bugzilla.suse.com/show_bug.cgi?id=1120722
• https://bugzilla.suse.com/show_bug.cgi?id=1120758
• https://bugzilla.suse.com/show_bug.cgi?id=1120902
• https://bugzilla.suse.com/show_bug.cgi?id=1121726
• https://bugzilla.suse.com/show_bug.cgi?id=1122650
• https://bugzilla.suse.com/show_bug.cgi?id=1122651
• https://bugzilla.suse.com/show_bug.cgi?id=1122779
• https://bugzilla.suse.com/show_bug.cgi?id=1122885
• https://bugzilla.suse.com/show_bug.cgi?id=1123321
• https://bugzilla.suse.com/show_bug.cgi?id=1123323
• https://bugzilla.suse.com/show_bug.cgi?id=1123357