SUSE-SU-2017:1360-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20171360-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:1360-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:1360-1
Related
Published
2017-05-19T12:12:38Z
Modified
2017-05-19T12:12:38Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive various security and bugfixes.

Notable new/improved features: - Improved support for Hyper-V - Support for the tcp_westwood TCP scheduling algorithm

The following security bugs were fixed:

  • CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel allowed privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer (bsc#1035877).
  • CVE-2017-6951: The keyringsearchaux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type. (bsc#1029850).
  • CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyringsearchiterator function in keyring.c. (bsc#1030593)
  • CVE-2016-9604: This fixes handling of keyrings starting with '.' in KEYCTLJOINSESSION_KEYRING, which could have allowed local users to manipulate privileged keyrings (bsc#1035576)
  • CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (bnc#1033336).
  • CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670).
  • CVE-2017-7308: The packetsetring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579)
  • CVE-2017-2671: The pingunhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTOICMP in a socket system call (bnc#1031003)
  • CVE-2017-7294: The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440)
  • CVE-2017-7261: The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZEROSIZEPTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052)
  • CVE-2017-7187: The sgioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SGNEXTCMDLEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213)
  • CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanaged the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bsc#1015703).
  • CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).
  • CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCKZAPPED status, related to net/l2tp/l2tpip.c and net/l2tp/l2tp_ip6.c (bnc#1028415)
  • CVE-2016-10208: The ext4fillsuper function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).
  • CVE-2017-5897: The ip6greerr function in net/ipv6/ip6gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bsc#1023762).
  • CVE-2017-5986: A race condition in the sctpwaitfor_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235).
  • CVE-2017-6074: The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel mishandled DCCPPKTREQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6RECVPKTINFO setsockopt system call (bnc#1026024)
  • CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application (bnc#1008842)
  • CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).
  • CVE-2016-10044: The aiomount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an iosetup system call (bnc#1023992).
  • CVE-2016-3070: The tracewritebackdirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacts with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215).
  • CVE-2016-5243: The tipcnlcompatlinkdump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212).
  • CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190)
  • CVE-2017-6346: Race condition in net/packet/afpacket.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKETFANOUT setsockopt system calls (bnc#1027189)
  • CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066)
  • CVE-2017-5986: Race condition in the sctpwaitfor_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235).
  • CVE-2017-6214: The tcpspliceread function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722)
  • CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697)
  • CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bsc#914939).
  • CVE-2016-7117: Use-after-free vulnerability in the _sysrecvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003077).

The following non-security bugs were fixed:

  • ACPI / APEI: Fix NMI notification handling (bsc#917630).
  • arch: Mass conversion of smpmb_*() (bsc#1020795).
  • asm-generic: add _smpxxx wrappers (bsc#1020795).
  • block: remove struct request buffer member (bsc#1020795).
  • block: submitbiowait() conversions (bsc#1020795).
  • bonding: Advertize vxlan offload features when supported (bsc#1009682).
  • bonding: handle more gso types (bsc#1009682).
  • bonding: use the correct ether type for alb (bsc#1028595).
  • btrfs: allow unlink to exceed subvolume quota (bsc#1015821).
  • btrfs: Change qgroupmetarsv to 64bit (bsc#1015821).
  • btrfs: fix btrfscompatioctl failures on non-compat ioctls (bsc#1018100).
  • btrfs: make file clone aware of fatal signals (bsc#1015787).
  • btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1015821).
  • cancel the setfilesize transation when io error happen (bsc#1028648).
  • cgroup: remove stray references to css_id (bsc#1020795).
  • cpuidle: powernv/pseries: Auto-promotion of snooze to deeper idle state (bnc#1023164).
  • dm: add era target (bsc#1020795).
  • dm: allow remove to be deferred (bsc#1020795).
  • dm bitset: only flush the current word if it has been dirtied (bsc#1020795).
  • dm btree: add dmbtreefindlowestkey (bsc#1020795).
  • dm cache: actually resize cache (bsc#1020795).
  • dm cache: add block sizes and total cache blocks to status output (bsc#1020795).
  • dm cache: add cache block invalidation support (bsc#1020795).
  • dm cache: add passthrough mode (bsc#1020795).
  • dm cache: add policy name to status output (bsc#1020795).
  • dm cache: add remove_cblock method to policy interface (bsc#1020795).
  • dm cache: be much more aggressive about promoting writes to discarded blocks (bsc#1020795).
  • dm cache: cache shrinking support (bsc#1020795).
  • dm cache: do not add migration to completed list before unhooking bio (bsc#1020795).
  • dm cache: fix a lock-inversion (bsc#1020795).
  • dm cache: fix truncation bug when mapping I/O to more than 2TB fast device (bsc#1020795).
  • dm cache: fix writethrough mode quiescing in cache_map (bsc#1020795).
  • dm cache: improve efficiency of quiescing flag management (bsc#1020795).
  • dm cache: io destined for the cache device can now serve as tick bios (bsc#1020795).
  • dm cache: log error message if dmkcopydcopy() fails (bsc#1020795).
  • dm cache metadata: check the metadata version when reading the superblock (bsc#1020795).
  • dm cache metadata: return bool from _superblockall_zeroes (bsc#1020795).
  • dm cache: move hookinfo into common portion of perbio_data structure (bsc#1020795).
  • dm cache: optimize commitifneeded (bsc#1020795).
  • dm cache policy mq: a few small fixes (bsc#1020795).
  • dm cache policy mq: fix promotions to occur as expected (bsc#1020795).
  • dm cache policy mq: implement writebackwork() and mq{set,clear}_dirty() (bsc#1020795).
  • dm cache policy mq: introduce three promotion threshold tunables (bsc#1020795).
  • dm cache policy mq: protect residency method with existing mutex (bsc#1020795).
  • dm cache policy mq: reduce memory requirements (bsc#1020795).
  • dm cache policy mq: use listdelinit instead of listdel + INITLIST_HEAD (bsc#1020795).
  • dm cache policy: remove return from void policyremovemapping (bsc#1020795).
  • dm cache: promotion optimisation for writes (bsc#1020795).
  • dm cache: resolve small nits and improve Documentation (bsc#1020795).
  • dm cache: return -EINVAL if the user specifies unknown cache policy (bsc#1020795).
  • dm cache: use cell_defer() boolean argument consistently (bsc#1020795).
  • dm: change sectorcount member in cloneinfo from sector_t to unsigned (bsc#1020795).
  • dm crypt: add TCW IV mode for old CBC TCRYPT containers (bsc#1020795).
  • dm crypt: properly handle extra key string in initialization (bsc#1020795).
  • dm delay: use per-bio data instead of a mempool and slab cache (bsc#1020795).
  • dm: fix Kconfig indentation (bsc#1020795).
  • dm: fix Kconfig menu indentation (bsc#1020795).
  • dm: make dmtableallocmdmempools static (bsc#1020795).
  • dm mpath: do not call pg_init when it is already running (bsc#1020795).
  • dm mpath: fix lock order inconsistency in multipath_ioctl (bsc#1020795).
  • dm mpath: print more useful warnings in multipath_message() (bsc#1020795).
  • dm mpath: push back requests instead of queueing (bsc#1020795).
  • dm mpath: really fix lockdep warning (bsc#1020795).
  • dm mpath: reduce memory pressure when requeuing (bsc#1020795).
  • dm mpath: remove extra nesting in map function (bsc#1020795).
  • dm mpath: remove map_io() (bsc#1020795).
  • dm mpath: remove processqueuedios() (bsc#1020795).
  • dm mpath: requeue I/O during pg_init (bsc#1020795).
  • dm persistent data: cleanup dm-thin specific references in text (bsc#1020795).
  • dm snapshot: call destroyworkonstack() to pair with INITWORK_ONSTACK() (bsc#1020795).
  • dm snapshot: fix metadata corruption (bsc#1020795).
  • dm snapshot: prepare for switch to using dm-bufio (bsc#1020795).
  • dm snapshot: use dm-bufio (bsc#1020795).
  • dm snapshot: use dm-bufio prefetch (bsc#1020795).
  • dm snapshot: use GFP_KERNEL when initializing exceptions (bsc#1020795).
  • dm space map disk: optimise smdiskdec_block (bsc#1020795).
  • dm space map metadata: limit errors in smmetadatanew_block (bsc#1020795).
  • dm: stop using bi_private (bsc#1020795).
  • dm table: add dmtablerunmdqueue_async (bsc#1020795).
  • dm table: print error on preresume failure (bsc#1020795).
  • dm table: remove unused buggy code that extends the targets array (bsc#1020795).
  • dm thin: add errorifno_space feature (bsc#1020795).
  • dm thin: add mappings to end of prepared_* lists (bsc#1020795).
  • dm thin: add 'nospacetimeout' dm-thin-pool module param (bsc#1020795).
  • dm thin: add timeout to stop out-of-data-space mode holding IO forever (bsc#1020795).
  • dm thin: allow metadata commit if pool is in PMOUTOFDATASPACE mode (bsc#1020795).
  • dm thin: allow metadata space larger than supported to go unused (bsc#1020795).
  • dm thin: cleanup and improve no space handling (bsc#1020795).
  • dm thin: eliminate the nofreespace flag (bsc#1020795).
  • dm thin: ensure user takes action to validate data and metadata consistency (bsc#1020795).
  • dm thin: factor out checklowwater_mark and use bools (bsc#1020795).
  • dm thin: fix deadlock in _requeuebio_list (bsc#1020795).
  • dm thin: fix noflush suspend IO queueing (bsc#1020795).
  • dm thin: fix out of data space handling (bsc#1020795).
  • dm thin: fix pool feature parsing (bsc#1020795).
  • dm thin: fix rcureadlock being held in code that can sleep (bsc#1020795).
  • dm thin: handle metadata failures more consistently (bsc#1020795).
  • dm thin: irqsave must always be used with the pool->lock spinlock (bsc#1020795).
  • dm thin: log info when growing the data or metadata device (bsc#1020795).
  • dm thin: requeue bios to DM core if nofreespace and in read-only mode (bsc#1020795).
  • dm thin: return error from allocdatablock if pool is not in write mode (bsc#1020795).
  • dm thin: simplify pooliscongested (bsc#1020795).
  • dm thin: sort the per thin deferred bios using an rb_tree (bsc#1020795).
  • dm thin: synchronize the pool mode during suspend (bsc#1020795).
  • dm thin: use bool rather than unsigned for flags in structures (bsc#1020795).
  • dm thin: use INITWORKONSTACK in noflush_work to avoid ODEBUG warning (bsc#1020795).
  • dm thin: use per thin device deferred bio lists (bsc#1020795).
  • dm: use RCUINITPOINTER instead of rcuassignpointer in __unbind (bsc#1020795).
  • drm/i915: relax uncritical udelay_range() (bsc#1038261).
  • ether: add loopback type ETHPLOOPBACK (bsc#1028595).
  • ext4: fix bh leak on error paths in ext4rename() and ext4cross_rename() (bsc#1012985).
  • ext4: fix fencepost in sfirstmeta_bg validation (bsc#1029986).
  • ext4: mark inode dirty after converting inline directory (bsc#1012985).
  • ftrace: Make ftracelocationrange() global (FATE#322421).
  • HID: usbhid: improve handling of Clear-Halt and reset (bsc#1031080).
  • hv: util: catch allocation errors
  • hv: utils: use memdupuser in hvtop_write
  • hwrng: virtio - ensure reads happen after successful probe (bsc#954763 bsc#1032344).
  • i40e: avoid null pointer dereference (bsc#922853).
  • i40e/i40evf: Break up xmitdescriptorcount from maybestoptx (bsc#985561).
  • i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (bsc#985561).
  • i40e/i40evf: Rewrite logic for 8 descriptor per packet check (bsc#985561).
  • i40e: Impose a lower limit on gso size (bsc#985561).
  • i40e: Limit TX descriptor count in cases where frag size is greater than 16K (bsc#985561).
  • iommu/vt-d: Flush old iommu caches for kdump when the device gets context mapped (bsc#1023824).
  • iommu/vt-d: Tylersburg isoch identity map check is done too late (bsc#1032125).
  • ipv6: make ECMP route replacement less greedy (bsc#930399).
  • kabi: hide changes in struct sk_buff (bsc#1009682).
  • KABI: Hide new include in arch/powerpc/kernel/process.c (fate#322421).
  • kABI: mask struct xfs_icdinode change (bsc#1024788).
  • kABI: protect struct inet6_dev (kabi).
  • kABI: protect struct iscsi_conn (bsc#103470).
  • kABI: protect struct xfsbuftarg and struct xfsmount (bsc#1024508).
  • kABI: restore canrxregister parameters (kabi).
  • kernel/watchdog: use nmi registers snapshot in hardlockup handler (bsc#940946, bsc#937444).
  • kgr: Mark eeheventhandler() kthread safe using a timeout (bsc#1031662).
  • kgr/module: make a taint flag module-specific
  • kgr: remove unneeded kgrneedslazy_migration() s390x definition
  • l2tp: fix address test in _l2tpip6bindlookup() (bsc#1028415).
  • l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415).
  • l2tp: fix racy socket lookup in l2tpip and l2tpip6 bind() (bsc#1028415).
  • l2tp: hold socket before dropping lock in l2tpip{, 6}recv() (bsc#1028415).
  • l2tp: hold tunnel socket when handling control frames in l2tpip and l2tpip6 (bsc#1028415).
  • l2tp: lock socket before checking flags in connect() (bsc#1028415).
  • livepatch: Allow architectures to specify an alternate ftrace location (FATE#322421).
  • locking/semaphore: Add downinterruptibletimeout() (bsc#1031662).
  • md: avoid oops on unload if some process is in poll or select (bsc#1020795).
  • md: Convert use of typedef ctltable to struct ctltable (bsc#1020795).
  • md: ensure metadata is writen after raid level change (bsc#1020795).
  • md linear: fix a race between linearadd() and linearcongested() (bsc#1018446).
  • md: mdclearbadblocks should return an error code on failure (bsc#1020795).
  • md: refuse to change shape of array if it is active but read-only (bsc#1020795).
  • megaraid_sas: add missing curly braces in ioctl handler (bsc#1023207).
  • megaraidsas: Fixup tgtid count in megasasldlistquery() (bsc#971933).
  • mm/hugememory.c: respect FOLLFORCE/FOLL_COW for thp (bnc#1030118).
  • mm, memcg: do not retry precharge charges (bnc#1022559).
  • mm/mempolicy.c: do not put mempolicy before using its nodemask (References: VM Performance, bnc#931620).
  • mm/page_alloc: fix nodes for reclaim in fast path (bnc#1031842).
  • module: move addtaintmodule() to a header file
  • net: Add skbgropostpull_rcsum to udp and vxlan (bsc#1009682).
  • net: add skbpoprcv_encapsulation (bsc#1009682).
  • net: Call skbchecksuminit in IPv4 (bsc#1009682).
  • net: Call skbchecksuminit in IPv6 (bsc#1009682).
  • netfilter: allow logging fron non-init netns (bsc#970083).
  • net: Generalize checksum_init functions (bsc#1009682).
  • net: Preserve CHECKSUM_COMPLETE at validation (bsc#1009682).
  • NFS: do not try to cross a mountpount when there isn't one there (bsc#1028041).
  • NFS: Expedite unmount of NFS auto-mounts (bnc#1025802).
  • NFS: Fix a performance regression in readdir (bsc#857926).
  • NFS: flush out dirty data on file fput() (bsc#1021762).
  • ocfs2: do not write error flag to user structure we cannot copy from/to (bsc#1012985).
  • powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).
  • powerpc: Create a helper for getting the kernel toc value (FATE#322421).
  • powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).
  • powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141).
  • powerpc/fadump: Update fadump documentation (bsc#1032141).
  • powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel (FATE#322421).
  • powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI (FATE#322421).
  • powerpc/ftrace: Use $(CCFLAGSFTRACE) when disabling ftrace (FATE#322421).
  • powerpc/ftrace: Use generic ftracemodifyall_code() (FATE#322421).
  • powerpc: introduce TIFKGRIN_PROGRESS thread flag (FATE#322421).
  • powerpc/kgraft: Add kgraft header (FATE#322421).
  • powerpc/kgraft: Add kgraft stack to struct thread_info (FATE#322421).
  • powerpc/kgraft: Add live patching support on ppc64le (FATE#322421).
  • powerpc/module: Create a special stub for ftrace_caller() (FATE#322421).
  • powerpc/module: Mark module stubs with a magic value (FATE#322421).
  • powerpc/module: Only try to generate the ftrace_caller() stub once (FATE#322421).
  • powerpc/modules: Never restore r2 for a mprofile-kernel style mcount() call (FATE#322421).
  • powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530).
  • powerpc/pseries/cpuidle: Remove MAXIDLESTATE macro (bnc#1023164).
  • powerpc/pseries/cpuidle: Use cpuidle_register() for initialisation (bnc#1023164).
  • powerpc: Reject binutils 2.24 when building little endian (boo#1028895).
  • RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#982783,bsc#1020048).
  • raid1: include bioendiolist in nrqueued to prevent freeze_array hang
  • remove mpath patches from dmcache backport, for bsc#1035738
  • revert 'procfs: mark thread stack correctly in proc/PID/maps' (bnc#1030901).
  • Revert 'RDMA/core: Fix incorrect structure packing for booleans' (kabi).
  • rtnetlink: allow to register ops without ops->setup set (bsc#1021374).
  • s390/zcrypt: Introduce CEX6 toleration (FATE#321783, LTC#147506, bsc#1019514).
  • sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting (bsc#1018419).
  • scsi_error: count medium access timeout only once per EH run (bsc#993832, bsc#1032345).
  • scsi: libiscsi: add lock around task lists to fix list corruption regression (bsc#1034700).
  • scsi: storvsc: fix SRBSTATUSABORTED handling
  • sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).
  • svcrpc: fix gss-proxy NULL dereference in some error cases (bsc#1024309).
  • taint/module: Clean up global and module taint flags handling
  • tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).
  • thp: fix MADV_DONTNEED vs. numa balancing race (bnc#1027974).
  • thp: reduce indentation level in changehugepmd() (bnc#1027974).
  • treewide: fix 'distingush' typo (bsc#1020795).
  • tree-wide: use reinitcompletion instead of INITCOMPLETION (bsc#1020795).
  • usb: dwc3: gadget: Fix incorrect DEPCMD and DGCMD status macros (bsc#1035699).
  • usb: host: xhci: print correct command ring address (bnc#1035699).
  • USB: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
  • vfs: Do not exchange 'short' filenames unconditionally (bsc#1012985).
  • vfs: split generic splice code from i_mutex locking (bsc#1024788).
  • vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).
  • VSOCK: Detach QP check should filter out non matching QPs (bsc#1036752).
  • vxlan: cancel sockwork in vxlandellink() (bsc#1031567).
  • vxlan: Checksum fixes (bsc#1009682).
  • vxlan: GRO support at tunnel layer (bsc#1009682).
  • xen-blkfront: correct maximum segment accounting (bsc#1018263).
  • xen-blkfront: do not call talktoblkback when already connected to blkback.
  • xen-blkfront: free resources if xlvbdallocgendisk fails.
  • xfsdmapi: fix the debug compilation of xfsdmapi (bsc#989056).
  • xfs: do not allow di_size with high bit set (bsc#1024234).
  • xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1024508).
  • xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508).
  • xfs: fix broken multi-fsb buffer logging (bsc#1024081).
  • xfs: fix buffer overflow dmgetdirattrs/dmgetdirattrs2 (bsc#989056).
  • xfs: Fix lock ordering in splice write (bsc#1024788).
  • xfs: fix up xfsswapextent_forks inline extent handling (bsc#1023888).
  • xfs: Make xfsicdinode->didmstate atomic_t (bsc#1024788).
  • xfs: pass total block res. as total xfsbmapiwrite() parameter (bsc#1029470).
  • xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).
  • xfs: track and serialize in-flight async buffers against unmount (bsc#1024508).
References

Affected packages

SUSE:Linux Enterprise Desktop 12 SP1 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-default-extra": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 SP1 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-default-extra": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 SP1 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-default-extra": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 SP1 / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-default-extra": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 / kgraft-patch-SLE12-SP1_Update_15

Package

Name
kgraft-patch-SLE12-SP1_Update_15
Purl
purl:rpm/suse/kgraft-patch-SLE12-SP1_Update_15&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-4.1

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-3_12_74-60_64_40-default": "1-4.1",
            "kgraft-patch-3_12_74-60_64_40-xen": "1-4.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 12 / kernel-ec2

Package

Name
kernel-ec2
Purl
purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-ec2-extra": "3.12.74-60.64.40.1",
            "kernel-ec2": "3.12.74-60.64.40.1",
            "kernel-ec2-devel": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP1 / kernel-docs

Package

Name
kernel-docs
Purl
purl:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.4

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "3.12.74-60.64.40.4",
            "kernel-obs-build": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP1 / kernel-obs-build

Package

Name
kernel-obs-build
Purl
purl:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "3.12.74-60.64.40.4",
            "kernel-obs-build": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-default-base": "3.12.74-60.64.40.1",
            "kernel-default-man": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-xen-base": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-default-base": "3.12.74-60.64.40.1",
            "kernel-default-man": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-xen-base": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-default-base": "3.12.74-60.64.40.1",
            "kernel-default-man": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-xen-base": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1 / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-default-base": "3.12.74-60.64.40.1",
            "kernel-default-man": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-xen-base": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-default-base": "3.12.74-60.64.40.1",
            "kernel-default-man": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-xen-base": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-default-base": "3.12.74-60.64.40.1",
            "kernel-default-man": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-xen-base": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-default-base": "3.12.74-60.64.40.1",
            "kernel-default-man": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-xen-base": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.74-60.64.40.1",
            "kernel-devel": "3.12.74-60.64.40.1",
            "kernel-default-base": "3.12.74-60.64.40.1",
            "kernel-default-man": "3.12.74-60.64.40.1",
            "kernel-xen-devel": "3.12.74-60.64.40.1",
            "kernel-default": "3.12.74-60.64.40.1",
            "kernel-source": "3.12.74-60.64.40.1",
            "kernel-xen-base": "3.12.74-60.64.40.1",
            "kernel-syms": "3.12.74-60.64.40.1",
            "kernel-default-devel": "3.12.74-60.64.40.1",
            "kernel-xen": "3.12.74-60.64.40.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 SP1 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.74-60.64.40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-extra": "3.12.74-60.64.40.1"
        }
    ]
}