Security update for the Linux Kernel

Announcement ID: SUSE-SU-2019:1527-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2018-17972 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2018-7191 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-7191 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11190 ( SUSE ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11190 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11477 ( SUSE ): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2019-11477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11477 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11478 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-11478 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-11479 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-11479 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-11486 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11486 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11486 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11815 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11815 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11815 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-11833 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11833 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11833 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-11884 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-11884 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-11884 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2019-12382 ( SUSE ): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2019-12382 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-3846 ( SUSE ): 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3846 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-3846 ( NVD ): 8.0 CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2019-5489 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2019-5489 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves 14 vulnerabilities and has 81 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586)

  • CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.

  • CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.

  • CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)

  • CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586)

  • CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843).

  • CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)

  • CVE-2018-7191: In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603)

  • CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543)

  • CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537)

  • CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848)

  • CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)

  • CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bnc#1133188)

The following new features were implemented:

  • Updated the Chelsio cxgb4vf driver with the latest upstream patches. (fate#321660)

  • Backported changes into e1000e kernel module to support systems using the Intel I219-LM NIC chip. (fate#326719)

  • Import QLogic/Cavium qedr driver (RDMA) into the kernel. (fate#321747)

  • Update the QLogic/Cavium qed driver (NET). (fate#321703)

  • Update the QLogic/Cavium qede driver (NET). (fate#321702)

  • Update the Chelsio iw_cxgb4 driver with the latest upstream patches. (fate#321661)

  • Update the Chelsio cxgb4 driver with the latest upstream patches. (fate#321658)

  • Update support for Intel Omni Path (OPA) kernel driver. (fate#321473)

  • Update the QIB driver to the latest upstream version for up-to-date functionality and hardware support. (fate#321231)

The following non-security bugs were fixed:

  • 9p locks: add mount option for lock retry interval (bnc#1012382).
  • 9p: do not trust pdu content for stat item size (bnc#1012382).
  • ACPI / SBS: Fix GPE storm on recent MacBookPro's (bnc#1012382).
  • ALSA: PCM: check if ops are defined before suspending PCM (bnc#1012382).
  • ALSA: core: Fix card races between register and disconnect (bnc#1012382).
  • ALSA: echoaudio: add a check for ioremap_nocache (bnc#1012382).
  • ALSA: info: Fix racy addition/deletion of nodes (bnc#1012382).
  • ALSA: line6: use dynamic buffers (bnc#1012382).
  • ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bnc#1012382).
  • ALSA: sb8: add a check for request_region (bnc#1012382).
  • ALSA: seq: Fix OOB-reads from strlcpy (bnc#1012382).
  • ARM: 8833/1: Ensure that NEON code always compiles with Clang (bnc#1012382).
  • ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bnc#1012382).
  • ARM: 8840/1: use a raw_spinlock_t in unwind (bnc#1012382).
  • ARM: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012382).
  • ARM: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382).
  • ARM: dts: pfla02: increase phy reset duration (bnc#1012382).
  • ARM: iop: do not use using 64-bit DMA masks (bnc#1012382).
  • ARM: orion: do not use using 64-bit DMA masks (bnc#1012382).
  • ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bnc#1012382).
  • ASoC: Intel: avoid Oops if DMA setup fails (bnc#1012382).
  • ASoC: cs4270: Set auto-increment bit for register writes (bnc#1012382).
  • ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bnc#1012382).
  • ASoC: fsl_esai: fix channel swap issue when stream starts (bnc#1012382).
  • ASoC: tlv320aic32x4: Fix Common Pins (bnc#1012382).
  • ASoC:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382).
  • Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bnc#1012382).
  • Bluetooth: Fix decrementing reference count twice in releasing socket (bnc#1012382).
  • CIFS: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).
  • Correct bsc/FATE numbers.
  • Do not jump to compute_result state from check_result state (bnc#1012382).
  • Documentation: Add MDS vulnerability documentation (bnc#1012382).
  • Documentation: Add nospectre_v1 parameter (bnc#1012382).
  • Documentation: Correct the possible MDS sysfs values (bnc#1012382).
  • Documentation: Move L1TF to separate directory (bnc#1012382).
  • HID: debug: fix race condition with between rdesc_show() and device removal (bnc#1012382).
  • HID: input: add mapping for Expose/Overview key (bnc#1012382).
  • HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bnc#1012382).
  • IB/hfi1: Eliminate opcode tests on mr deref ().
  • IB/hfi1: Unreserve a reserved request when it is completed ().
  • IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bnc#1012382).
  • IB/mlx4: Increase the timeout for CM cache (bnc#1012382).
  • IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace ().
  • IB/rdmavt: Fix frwr memory registration ().
  • Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bnc#1012382).
  • KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number (bnc#1012382).
  • KVM: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bnc#1012382).
  • KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (bnc#1012382).
  • MIPS: scall64-o32: Fix indirect syscall number load (bnc#1012382).
  • NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes).
  • NFS: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).
  • NFS: Fix I/O request leakages (git-fixes).
  • NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (bnc#1012382).
  • PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bnc#1012382).
  • PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142).
  • PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1135642).
  • PCI: xilinx-nwl: Add missing of_node_put() (bsc#1100132).
  • RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780 bsc#1005781).
  • RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1022604).
  • Revert "block/loop: Use global lock for ioctl() operation." (bnc#1012382).
  • Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers" (bsc#1110946).
  • Revert "cpu/speculation: Add 'mitigations=' cmdline option" (stable backports).
  • Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd" (bsc#1110946).
  • Revert "kbuild: use -Oz instead of -Os when using clang" (bnc#1012382).
  • Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" (bnc#1012382).
  • Revert "netns: provide pure entropy for net_hash_mix()" (kabi).
  • Revert "sched: Add sched_smt_active()" (stable backports).
  • Revert "x86/MCE: Save microcode revision in machine check records" (kabi).
  • Revert "x86/kprobes: Verify stack frame on kretprobe" (kabi).
  • Revert "x86/speculation/mds: Add 'mitigations=' support for MDS" (stable backports).
  • Revert "x86/speculation: Support 'mitigations=' cmdline option" (stable backports).
  • SoC: imx-sgtl5000: add missing put_device() (bnc#1012382).
  • UAS: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770).
  • UAS: fix alignment of scatter/gather segments (bsc#1129770).
  • USB: Add new USB LPM helpers (bsc#1129770).
  • USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770).
  • USB: cdc-acm: fix unthrottle races (bsc#1135642).
  • USB: core: Fix bug caused by duplicate interface PM usage counter (bnc#1012382).
  • USB: core: Fix unterminated string returned by usb_string() (bnc#1012382).
  • USB: serial: fix unthrottle races (bnc#1012382).
  • USB: serial: use variable for status (bnc#1012382).
  • USB: w1 ds2490: Fix bug caused by improper use of altsetting array (bnc#1012382).
  • USB: yurex: Fix protection fault after device removal (bnc#1012382).
  • X.509: unpack RSA signatureValue field from BIT STRING (git-fixes).
  • appletalk: Fix compile regression (bnc#1012382).
  • appletalk: Fix use-after-free in atalk_proc_exit (bnc#1012382).
  • arm64/kernel: do not ban ADRP to work around Cortex-A53 erratum #843419 (bsc#1126040).
  • arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1126040).
  • arm64: Add helper to decode register from instruction (bsc#1126040).
  • arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug signals (bnc#1012382).
  • arm64: debug: Ensure debug handlers check triggering exception level (bnc#1012382).
  • arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (bnc#1012382).
  • arm64: futex: Restore oldval initialization to work around buggy compilers (bnc#1012382).
  • arm64: module-plts: factor out PLT generation code for ftrace (bsc#1126040).
  • arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1126040).
  • arm64: module: split core and init PLT sections (bsc#1126040).
  • backlight: lm3630a: Return 0 on success in update_status functions (bsc#1106929)
  • bcache: Move couple of functions to sysfs.c (bsc#1130972).
  • bcache: Move couple of string arrays to sysfs.c (bsc#1130972).
  • bcache: Populate writeback_rate_minimum attribute (bsc#1130972).
  • bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972).
  • bcache: add MODULE_DESCRIPTION information (bsc#1130972).
  • bcache: add a comment in super.c (bsc#1130972).
  • bcache: add code comments for bset.c (bsc#1130972).
  • bcache: add comment for cache_set->fill_iter (bsc#1130972).
  • bcache: add identifier names to arguments of function definitions (bsc#1130972).
  • bcache: add missing SPDX header (bsc#1130972).
  • bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).
  • bcache: add static const prefix to char * array declarations (bsc#1130972).
  • bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).
  • bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).
  • bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).
  • bcache: comment on direct access to bvec table (bsc#1130972).
  • bcache: correct dirty data statistics (bsc#1130972).
  • bcache: do not assign in if condition in bcache_device_init() (bsc#1130972).
  • bcache: do not assign in if condition in bcache_init() (bsc#1130972).
  • bcache: do not assign in if condition register_bcache() (bsc#1130972).
  • bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).
  • bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).
  • bcache: do not clone bio in bch_data_verify (bsc#1130972).
  • bcache: do not mark writeback_running too early (bsc#1130972).
  • bcache: export backing_dev_name via sysfs (bsc#1130972).
  • bcache: export backing_dev_uuid via sysfs (bsc#1130972).
  • bcache: fix code comments style (bsc#1130972).
  • bcache: fix indent by replacing blank by tabs (bsc#1130972).
  • bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).
  • bcache: fix input integer overflow of congested threshold (bsc#1130972).
  • bcache: fix input overflow to cache set sysfs file io_error_halflife (bnc#1012382).
  • bcache: fix input overflow to journal_delay_ms (bsc#1130972).
  • bcache: fix input overflow to sequential_cutoff (bnc#1012382).
  • bcache: fix input overflow to writeback_delay (bsc#1130972).
  • bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).
  • bcache: fix ioctl in flash device (bsc#1130972).
  • bcache: fix mistaken code comments in bcache.h (bsc#1130972).
  • bcache: fix mistaken comments in request.c (bsc#1130972).
  • bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).
  • bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).
  • bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).
  • bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).
  • bcache: improve sysfs_strtoul_clamp() (bnc#1012382).
  • bcache: introduce force_wake_up_gc() (bsc#1130972).
  • bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).
  • bcache: move open brace at end of function definitions to next line (bsc#1130972).
  • bcache: never writeback a discard operation (bsc#1130972).
  • bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).
  • bcache: option to automatically run gc thread after writeback (bsc#1130972).
  • bcache: panic fix for making cache device (bsc#1130972).
  • bcache: prefer 'help' in Kconfig (bsc#1130972).
  • bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).
  • bcache: recal cached_dev_sectors on detach (bsc#1130972).
  • bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).
  • bcache: remove unused bch_passthrough_cache (bsc#1130972).
  • bcache: remove useless parameter of bch_debug_init() (bsc#1130972).
  • bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).
  • bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).
  • bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).
  • bcache: replace printk() by pr_*() routines (bsc#1130972).
  • bcache: set writeback_percent in a flexible range (bsc#1130972).
  • bcache: split combined if-condition code into separate ones (bsc#1130972).
  • bcache: stop using the deprecated get_seconds() (bsc#1130972).
  • bcache: style fix to add a blank line after declarations (bsc#1130972).
  • bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).
  • bcache: style fixes for lines over 80 characters (bsc#1130972).
  • bcache: trace missed reading by cache_missed (bsc#1130972).
  • bcache: treat stale && dirty keys as bad keys (bsc#1130972).
  • bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).
  • bcache: update comment for bch_data_insert (bsc#1130972).
  • bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).
  • bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).
  • bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).
  • bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).
  • bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).
  • bcache: writeback: properly order backing device IO (bsc#1130972).
  • binfmt_elf: switch to new creds when switching to new mm (bnc#1012382).
  • bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382).
  • block: check_events: do not bother with events if unsupported (bsc#1110946).
  • block: disk_events: introduce event flags (bsc#1110946).
  • block: do not leak memory in bio_copy_user_iov() (bnc#1012382).
  • block: fix use-after-free on gendisk (bsc#1136448).
  • bnxt_en: Improve multicast address setup logic (bnc#1012382).
  • bonding: fix arp_validate toggling in active-backup mode (bnc#1012382).