SUSE-SU-2017:3267-1

The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.95 to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2017-12153: A security flaw was discovered in the nl80211setrekeydata() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAPNET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410 1058624).
• CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667).
• CVE-2017-14489: The iscsiifrx function in drivers/scsi/scsitransportiscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051).
• CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seqclientmgr.c and sound/core/seq/seqports.c (bnc#1062520).
• CVE-2017-15649: net/packet/afpacket.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packetfanout data structures, because of a race condition (involving fanoutadd and packetdo_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388).

The following non-security bugs were fixed:

• alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382).
• alsa: caiaq: Fix stray URB at probe error path (bnc#1012382).
• alsa: compress: Remove unused variable (bnc#1012382).
• alsa: hda: Remove superfluous '-' added by printk conversion (bnc#1012382).
• alsa: line6: Fix leftover URB at error-path during probe (bnc#1012382).
• alsa: seq: Enable 'use' locking in all configurations (bnc#1012382).
• alsa: seq: Fix copyfromuser() call inside lock (bnc#1012382).
• alsa: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital (bnc#1012382).
• alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382).
• alsa: usb-audio: Kill stray URB at exiting (bnc#1012382).
• alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382).
• arc: Re-enable MMU upon Machine Check exception (bnc#1012382).
• arm64: fault: Route pte translation faults via dotranslationfault (bnc#1012382).
• arm64: Make sure SPsel is always set (bnc#1012382).
• arm: 8635/1: nommu: allow enabling REMAPVECTORSTO_RAM (bnc#1012382).
• arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382).
• arm: pxa: add the number of DMA requestor lines (bnc#1012382).
• arm: pxa: fix the number of DMA requestor lines (bnc#1012382).
• arm: remove duplicate 'const' annotations' (bnc#1012382).
• asoc: dapm: fix some pointer error handling (bnc#1012382).
• asoc: dapm: handle probe deferrals (bnc#1012382).
• audit: log 32-bit socketcalls (bnc#1012382).
• bcache: correct cachedirtytarget in _updatewriteback_rate() (bnc#1012382).
• bcache: Correct return value for sysfs attach errors (bnc#1012382).
• bcache: do not subtract sectorstogc for bypassed IO (bnc#1012382).
• bcache: fix bch_hprint crash and improve output (bnc#1012382).
• bcache: fix for gc and write-back race (bnc#1012382).
• bcache: Fix leak of bdev reference (bnc#1012382).
• bcache: initialize dirty stripes in flashdevrun() (bnc#1012382).
• blacklist.conf: blacklisted 16af97dc5a89 (bnc#1053919)
• block: Relax a check in blkstartqueue() (bnc#1012382).
• bpf: one perf event close won't free bpf program attached by another perf event (bnc#1012382).
• bpf/verifier: reject BPFALU64|BPFEND (bnc#1012382).
• brcmfmac: add length check in brcmfcfg80211escan_handler() (bnc#1012382).
• brcmfmac: setup passive scan if requested by user-space (bnc#1012382).
• brcmsmac: make some local variables 'static const' to reduce stack size (bnc#1012382).
• bridge: netlink: register netdevice before executing changelink (bnc#1012382).
• bsg-lib: do not free job in bsgpreparejob (bnc#1012382).
• btrfs: add a node counter to each of the rbtrees (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: add cond_resched() calls when resolving backrefs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: allow backref search checks for shared extents (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: backref, add tracepoints for prelim_ref insertion and merging (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: backref, add unodeauxtoinodelist helper (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: backref, cleanup __ namespace abuse (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: backref, constify some arguments (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: btrfscheckshared should manage its own transaction (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: change how we decide to commit transactions during flushing (bsc#1060197).
• btrfs: clean up extraneous computations in adddelayedrefs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: constify tracepoint arguments (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: convert prelimary reference tracking to use rbtrees (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: fix leak and use-after-free in resolveindirectrefs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: fix NULL pointer dereference from freerelocroots() (bnc#1012382).
• btrfs: prevent to set invalid default subvolid (bnc#1012382).
• btrfs: propagate error to btrfscmpdata_prepare caller (bnc#1012382).
• btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755).
• btrfs: remove ref_tree implementation from backref.c (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• btrfs: struct-funcs, constify readers (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461).
• bus: mbus: fix window size calculation for 4GB windows (bnc#1012382).
• can: esdusb2: Fix candlc value for received RTR, frames (bnc#1012382).
• can: gs_usb: fix busy loop if no more TX context is available (bnc#1012382).
• ceph: avoid panic in createsessionopen_msg() if utsname() returns NULL (bsc#1061451).
• ceph: check negative offsets in ceph_llseek() (bsc#1061451).
• ceph: clean up unsafe dparent accesses in builddentry_path (bnc#1012382).
• cifs: fix circular locking dependency (bsc#1064701).
• cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).
• cifs: Reconnect expired SMB sessions (bnc#1012382).
• cifs: release auth_key.response for reconnect (bnc#1012382).
• clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bnc#1012382).
• cpufreq: CPPC: add ACPI_PROCESSOR dependency (bnc#1012382).
• crypto: AF_ALG - remove SGL terminator indicator when chaining (bnc#1012382).
• crypto: shash - Fix zero-length shash ahash digest crash (bnc#1012382).
• crypto: talitos - Do not provide setkey for non hmac hashing algs (bnc#1012382).
• crypto: talitos - fix sha224 (bnc#1012382).
• crypto: xts - Add ECB dependency (bnc#1012382).
• cxl: Fix driver use count (bnc#1012382).
• direct-io: Prevent NULL pointer access in submitpagesection (bnc#1012382).
• dmaengine: edma: Align the memcpy acnt array size with the transfer (bnc#1012382).
• dmaengine: mmp-pdma: add number of requestors (bnc#1012382).
• driver core: platform: Do not read past the end of 'driver_override' buffer (bnc#1012382).
• drivers: firmware: psci: drop duplicate const from psciofmatch (bnc#1012382).
• drivers: hv: fcopy: restore correct transfer length (bnc#1012382).
• drm: Add driver-private objects to atomic state (bsc#1055493).
• drm/amdkfd: fix improper return value on error (bnc#1012382).
• drm: bridge: add DT bindings for TI ths8135 (bnc#1012382).
• drm/dp: Introduce MST topology state to track available link bandwidth (bsc#1055493).
• drmfourcc: Fix DRMFORMATMODLINEAR #define (bnc#1012382).
• drm/i915/bios: ignore HDMI on port A (bnc#1012382).
• drm/nouveau/bsp/g92: disable by default (bnc#1012382).
• drm/nouveau/mmu: flush tlbs before deleting page tables (bnc#1012382).
• ext4: do not allow encrypted operations without keys (bnc#1012382).
• ext4: fix incorrect quotaoff if the quota feature is enabled (bnc#1012382).
• ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bnc#1012382).
• ext4: in ext4seek{hole,data}, return -ENXIO for negative offsets (bnc#1012382).
• extcon: axp288: Use vbus-valid instead of -present to determine cable presence (bnc#1012382).
• exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382).
• f2fs: check hot_data for roll-forward recovery (bnc#1012382).
• f2fs crypto: add missing locking for keyring_key access (bnc#1012382).
• f2fs crypto: replace some BUG_ON()'s with error checks (bnc#1012382).
• f2fs: do not wait for writeback in write_begin (bnc#1012382).
• fix unbalanced page refcounting in biomapuser_iov (bnc#1012382).
• fix whitespace according to upstream commit
• fix xenswiotlbdma_mmap prototype (bnc#1012382).
• fs-cache: fix dereference of NULL userkeypayload (bnc#1012382).
• fscrypt: fix dereference of NULL userkeypayload (bnc#1012382).
• fscrypto: require write access to mount to set encryption policy (bnc#1012382).
• fs/epoll: cache leftmost node (bsc#1056427).
• ftrace: Fix kmemleak in unregisterftracegraph (bnc#1012382).
• ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bnc#1012382).
• ftrace: Fix selftest goto location on error (bnc#1012382).
• genirq: Fix foreachactionofdesc() macro (bsc#1061064).
• getcwd: Close race with d_move called by lustre (bsc#1052593).
• gfs2: Fix debugfs glocks dump (bnc#1012382).
• gfs2: Fix reference to ERRPTR in gfs2glockiternext (bnc#1012382).
• gianfar: Fix Tx flow control deactivation (bnc#1012382).
• hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382).
• hid: usbhid: Add HIDQUIRKNOGET for Aten CS-1758 KVM switch (bnc#1022967).
• hid: usbhid: fix out-of-bounds bug (bnc#1012382).
• hpsa: correct lun data caching bitmap definition (bsc#1028971).
• hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes (bnc#1012382).
• i2c: at91: ensure state is restored after suspending (bnc#1012382).
• i2c: ismt: Separate I2C block read from SMBus block read (bnc#1012382).
• i2c: meson: fix wrong variable usage in mesoni2cput_data (bnc#1012382).
• i40e: Initialize 64-bit statistics TX ring seqcount (bsc#969476 FATE#319648 bsc#969477 FATE#319816).
• i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477 FATE#319816).
• i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477 FATE#319816).
• ib/core: Fix for core panic (bsc#1022595 FATE#322350).
• ib/core: Fix the validations of a multicast LID in attach or detach operations (bsc#1022595 FATE#322350).
• ib/i40iw: Fix error code in i40iwcreatecq() (bsc#969476 FATE#319648 bsc#969477 FATE#319816).
• ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382).
• ib/ipoib: Replace listdel of the neigh->list with listdel_init (bnc#1012382).
• ib/ipoib: rtnlunlock can not come after freenetdev (bnc#1012382).
• ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• ibmvnic: Set state UP (bsc#1062962).
• ib/qib: fix false-postive maybe-uninitialized warning (bnc#1012382).
• igb: re-assign hw address pointer on reset after PCI error (bnc#1012382).
• iio: ad7793: Fix the serial interface reset (bnc#1012382).
• iio: adc: axp288: Drop bogus AXP288ADCTSPINCTRL register modifications (bnc#1012382).
• iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382).
• iio: adc: mcp320x: Fix oops on module unload (bnc#1012382).
• iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382).
• iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030madcprobe()' (bnc#1012382).
• iio: adc: twl4030: Fix an error handling path in 'twl4030madcprobe()' (bnc#1012382).
• iio: adc: xilinx: Fix error handling (bnc#1012382).
• iio: adsigmadelta: Implement a dedicated reset function (bnc#1012382).
• iio: core: Return error for failed read_reg (bnc#1012382).
• input: i8042 - add Gigabyte P57 to the keyboard reset table (bnc#1012382).
• iommu/amd: Finish TLB flush in amdiommuunmap() (bnc#1012382).
• iommu/io-pgtable-arm: Check for leaf entry before dereferencing it (bnc#1012382).
• iommu/vt-d: Avoid calling virttophys() on null pointer (bsc#1061067).
• ip6gre: skbpush ipv6hdr before packing the header in ip6gre_header (bnc#1012382).
• ipv6: accept 64k - 1 packet length in ip6find1stfragopt() (bnc#1012382).
• ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).
• ipv6: fix memory leak with multiple tables during netns destruction (bnc#1012382).
• ipv6: fix sparse warning on rt6i_node (bnc#1012382).
• ipv6: fix typo in fib6netexit() (bnc#1012382).
• irqchip/crossbar: Fix incorrect type of local variables (bnc#1012382).
• isdn/i4l: fetch the ppp_write buffer in one shot (bnc#1012382).
• iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382).
• iwlwifi: mvm: use IWLHCMDNOCOPY for MCASTFILTERCMD (bnc#1012382).
• ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (bsc#969474 FATE#319812 bsc#969475 FATE#319814).
• kABI: protect struct l2tp_tunnel (kabi).
• kABI: protect struct rmdataop (kabi).
• kABI: protect struct sdio_func (kabi).
• keys: do not let add_key() update an uninstantiated key (bnc#1012382).
• keys: encrypted: fix dereference of NULL userkeypayload (bnc#1012382).
• keys: Fix race between updating and finding a negative key (bnc#1012382).
• keys: fix writing past end of user-supplied buffer in keyring_read() (bnc#1012382).
• keys: prevent creating a different user's keyrings (bnc#1012382).
• keys: prevent KEYCTL_READ on negative key (bnc#1012382).
• kvm: async_pf: Fix #DF due to inject 'Page not Present' and 'Page Ready' exceptions simultaneously (bsc#1061017).
• kvm: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (bnc#1012382).
• kvm: PPC: Book3S: Fix race and leak in kvmvmioctlcreatespapr_tce() (bnc#1012382).
• kvm: SVM: Add a missing 'break' statement (bsc#1061017).
• kvm: VMX: do not change SN bit in vmxupdatepi_irte() (bsc#1061017).
• kvm: VMX: remove WARNONONCE in kvmvcputriggerpostedinterrupt (bsc#1061017).
• kvm: VMX: use cmpxchg64 (bnc#1012382).
• l2tp: Avoid schedule while atomic in exit_net (bnc#1012382).
• l2tp: fix race condition in l2tptunneldelete (bnc#1012382).
• libata: transport: Remove circular dependency at free time (bnc#1012382).
• lib/digsig: fix dereference of NULL userkeypayload (bnc#1012382).
• locking/lockdep: Add nest_lock integrity test (bnc#1012382).
• lsm: fix smackinoderemovexattr and xattr_getsecurity memleak (bnc#1012382).
• mac80211: fix power saving clients handling in iwlwifi (bnc#1012382).
• mac80211: flush hwrocstart work before cancelling the ROC (bnc#1012382).
• mac80211hwsim: check HWSIMATTRRADIONAME length (bnc#1012382).
• md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).
• md/linear: shutup lockdep warnning (bnc#1012382).
• md/raid10: submit bio directly to replacement disk (bnc#1012382).
• md/raid5: preserve STRIPEONUNPLUGLIST in breakstripebatchlist (bnc#1012382).
• md/raid5: release/flush io in raid5dowork() (bnc#1012382).
• media: uvcvideo: Prevent heap overflow when accessing mapped controls (bnc#1012382).
• media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).
• mips: Ensure bss section ends on a long-aligned address (bnc#1012382).
• mips: Fix minimum alignment requirement of IRQ stack (git-fixes).
• mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382).
• mips: Lantiq: Fix another requestmemregion() return code check (bnc#1012382).
• mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs (bnc#1012382).
• mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs (bnc#1012382).
• mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero (bnc#1012382).
• mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation (bnc#1012382).
• mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative (bnc#1012382).
• mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs (bnc#1012382).
• mips: math-emu: Remove prerr() calls from fpuemu() (bnc#1012382).
• mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382).
• mlx5: Avoid that mlx5ibsgtoklms() overflows the klms array (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• mm/backing-dev.c: fix an error handling path in 'cgwb_create()' (bnc#1063475).
• mm,compaction: serialize waitqueue_active() checks (for real) (bsc#971975).
• mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382).
• mm: discard memblock data later (bnc#1063460).
• mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460).
• mm: meminit: mark initreservedpage as __meminit (bnc#1063509).
• mm/memoryhotplug: change pfntosectionnr/sectionnrto_pfn macro to inline function (bnc#1063501).
• mm/memoryhotplug: define find{smallest|biggest}sectionpfn as unsigned long (bnc#1063520).
• mm: prevent double decrease of nrreservedhighatomic (bnc#1012382).
• net: core: Prevent from dereferencing null pointer when releasing SKB (bnc#1012382).
• net: emac: Fix napi poll list corruption (bnc#1012382).
• netfilter: invoke synchronizercu after set the _hook to NULL (bnc#1012382).
• netfilter: nfctexpect: Change _nfctexpectcheck() return value (bnc#1012382).
• netfilter: nfnlcthelper: fix incorrect helper->expectclass_max (bnc#1012382).
• net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
• net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bnc#1012382).
• net/mlx4en: fix overflow in mlx4eninittimestamp() (bnc#1012382).
• net/mlx5e: Fix wrong delay calculation for overflow check scheduling (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net/mlx5: Skip mlx5unloadone if mlx5loadone fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
• net: mvpp2: release reference to txq_cpu[] entry after unmapping (bnc#1012382).
• net/packet: check length in getsockopt() called with PACKET_HDRLEN (bnc#1012382).
• net: Set skprotcreator when cloning sockets to the right proto (bnc#1012382).
• nfsd/callback: Cleanup callback cred on shutdown (bnc#1012382).
• nfsd: Fix general protection fault in releaselockstateid() (bnc#1012382).
• nl80211: Define policy for packet pattern attributes (bnc#1012382).
• nvme: protect against simultaneous shutdown invocations (FATE#319965 bnc#1012382 bsc#964944).
• packet: only test po->hasvnethdr once in packet_snd (bnc#1012382).
• parisc: Avoid trashing sr2 and sr3 in LWS code (bnc#1012382).
• parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels (bnc#1012382).
• parisc: perf: Fix potential NULL pointer dereference (bnc#1012382).
• partitions/efi: Fix integer overflow in GPT size calculation (bnc#1012382).
• pci: Allow PCI express root ports to find themselves (bsc#1061046).
• pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).
• pci: Fix race condition with driver_override (bnc#1012382).
• pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).
• percpu: make thiscpugeneric_read() atomic w.r.t. interrupts (bnc#1012382).
• perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).
• perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct tracking' (bsc#1061831).
• pkcs7: Prevent NULL pointer dereference, since sinfo is not always set (bnc#1012382).
• powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).
• powerpc/pseries: Fix parentdn reference leak in adddt_node() (bnc#1012382).
• qed: Fix stack corruption on probe (bsc#966318 FATE#320158 bsc#966316 FATE#320159).
• qlge: avoid memcpy buffer overflow (bnc#1012382).
• rcu: Allow for page faults in NMI handlers (bnc#1012382).
• rds: ib: add error handle (bnc#1012382).
• rds: RDMA: Fix the composite message user notification (bnc#1012382).
• Revert 'bsg-lib: do not free job in bsgpreparejob' (bnc#1012382).
• Revert 'net: fix percpu memory leaks' (bnc#1012382).
• Revert 'net: phy: Correctly process PHYHALTED in phystop_machine()' (bnc#1012382).
• Revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (bnc#1012382).
• Revert 'tty: goldfish: Fix a parameter of a call to free_irq' (bnc#1012382).
• rtlwifi: rtl8821ae: Fix connection lost problem (bnc#1012382).
• sched/autogroup: Fix autogroupmovegroup() to never skip schedmovetask() (bnc#1012382).
• sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382).
• scsi: hpsa: add 'ctlr_num' sysfs attribute (bsc#1028971).
• scsi: hpsa: bump driver version (bsc#1022600 fate#321928).
• scsi: hpsa: change driver version (bsc#1022600 bsc#1028971 fate#321928).
• scsi: hpsa: Check for null device pointers (bsc#1028971).
• scsi: hpsa: Check for null devices in ioaccel (bsc#1028971).
• scsi: hpsa: Check for vpd support before sending (bsc#1028971).
• scsi: hpsa: cleanup reset handler (bsc#1022600 fate#321928).
• scsi: hpsa: correct call to hpsadoreset (bsc#1028971).
• scsi: hpsa: correct logical resets (bsc#1028971).
• scsi: hpsa: correct queue depth for externals (bsc#1022600 fate#321928).
• scsi: hpsa: correct resets on retried commands (bsc#1022600 fate#321928).
• scsi: hpsa: correct scsi 6byte lba calculation (bsc#1028971).
• scsi: hpsa: Determine device external status earlier (bsc#1028971).
• scsi: hpsa: do not get enclosure info for external devices (bsc#1022600 fate#321928).
• scsi: hpsa: do not reset enclosures (bsc#1022600 fate#321928).
• scsi: hpsa: do not timeout reset operations (bsc#1022600 bsc#1028971 fate#321928).
• scsi: hpsa: fallback to use legacy REPORT PHYS command (bsc#1028971).
• scsi: hpsa: fix volume offline state (bsc#1022600 bsc#1028971 fate#321928).
• scsi: hpsa: limit outstanding rescans (bsc#1022600 bsc#1028971 fate#321928).
• scsi: hpsa: Prevent sending bmic commands to externals (bsc#1028971).
• scsi: hpsa: remove abort handler (bsc#1022600 fate#321928).
• scsi: hpsa: remove coalescing settings for ioaccel2 (bsc#1028971).
• scsi: hpsa: remove memory allocate failure message (bsc#1028971).
• scsi: hpsa: Remove unneeded void pointer cast (bsc#1028971).
• scsi: hpsa: rescan later if reset in progress (bsc#1022600 fate#321928).
• scsi: hpsa: send ioaccel requests with 0 length down raid path (bsc#1022600 fate#321928).
• scsi: hpsa: separate monitor events from rescan worker (bsc#1022600 fate#321928).
• scsi: hpsa: update check for logical volume status (bsc#1022600 bsc#1028971 fate#321928).
• scsi: hpsa: update identify physical device structure (bsc#1022600 fate#321928).
• scsi: hpsa: update pci ids (bsc#1022600 bsc#1028971 fate#321928).
• scsi: hpsa: update reset handler (bsc#1022600 fate#321928).
• scsi: hpsa: use designated initializers (bsc#1028971).
• scsi: hpsa: use %phN for short hex dumps (bsc#1028971).
• scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).
• scsi: libfc: fix a deadlock in fcrportwork (bsc#1063695).
• scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (bnc#1012382).
• scsi: megaraidsas: Return pended IOCTLs with cmdstatus MFISTATWRONG_STATE in case adapter is dead (bnc#1012382).
• scsi: reset wait for IO completion (bsc#996376).
• scsi: scsidhemc: return success in clariionstdinquiry() (bnc#1012382).
• scsi: scsitransportfc: Also check for NOTPRESENT in fcremoteport_add() (bsc#1037890).
• scsi: scsitransportfc: set scsitargetid upon rescan (bsc#1058135).
• scsi: sd: Do not override maxsectorskb sysfs setting (bsc#1025461).
• scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985).
• scsi: sg: close race condition in sgremovesfp_usercontext() (bsc#1064206).
• scsi: sg: do not return bogus Sg_requests (bsc#1064206).
• scsi: sg: factor out sgfillrequest_table() (bnc#1012382).
• scsi: sg: fixup infoleak when using SGGETREQUEST_TABLE (bnc#1012382).
• scsi: sg: off by one in sg_ioctl() (bnc#1012382).
• scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206).
• scsi: sg: remove 'savescatlen' (bnc#1012382).
• scsi: sg: use standard lists for sg_requests (bnc#1012382).
• scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).
• scsi: zfcp: add handling for FCPRESIDOVER to the fcp ingress path (bnc#1012382).
• scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1012382).
• scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1012382).
• scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1012382).
• scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1012382).
• scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1012382).
• scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1012382).
• scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN (bnc#1012382).
• sctp: potential read out of bounds in sctpulpeventtype_enabled() (bnc#1012382).
• seccomp: fix the usage of get/putseccompfilter() in seccompgetfilter() (bnc#1012382).
• sheth: use correct name for ECMRMPDE bit (bnc#1012382).
• skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).
• skd: Submit requests to firmware before triggering the doorbell (bnc#1012382).
• slub: do not merge cache if slub_debug contains a never-merge flag (bnc#1012382).
• smb3: Do not ignore OSYNC/ODSYNC and O_DIRECT flags (bnc#1012382).
• smb: Validate negotiate (to protect against downgrade) even if signing off (bnc#1012382).
• sparc64: Migrate hvcons irq to panicked cpu (bnc#1012382).
• staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bnc#1012382).
• stm class: Fix a use-after-free (bnc#1012382).
• supported.conf: mark hid-multitouch as supported (FATE#323670)
• swiotlb-xen: implement xenswiotlbdma_mmap callback (bnc#1012382).
• target/iscsi: Fix unsolicited data seqendoffset calculation (bnc#1012382).
• team: call netdevchangefeatures out of team lock (bsc#1055567).
• team: fix memory leaks (bnc#1012382).
• timer/sysclt: Restrict timer migration sysctl values to 0 and 1 (bnc#1012382).
• tipc: use only positive error codes in messages (bnc#1012382).
• tpm_tis: Do not fall back to a hardcoded address for TPM2 (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048).
• tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).
• tracing: Erase irqsoff trace with empty write (bnc#1012382).
• tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).
• ttpci: address stringop overflow warning (bnc#1012382).
• tty: fix _ttyinsertflipchar regression (bnc#1012382).
• tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382).
• tty: improve ttyinsertflip_char() fast path (bnc#1012382).
• tty: improve ttyinsertflip_char() slow path (bnc#1012382).
• tun: bail out from tungetuser() if the skb is empty (bnc#1012382).
• uapi: fix linux/mroute6.h userspace compilation errors (bnc#1012382).
• uapi: fix linux/rds.h userspace compilation errors (bnc#1012382).
• udpv6: Fix the checksum computation when HW checksum does not apply (bnc#1012382).
• usb: cdc_acm: Add quirk for Elatec TWN3 (bnc#1012382).
• usb: chipidea: vbus event may exist before starting gadget (bnc#1012382).
• usb: core: fix out-of-bounds access bug in usbgetbos_descriptor() (bnc#1012382).
• usb: core: harden cdcparsecdc_header (bnc#1012382).
• usb: devio: Do not corrupt user memory (bnc#1012382).
• usb: devio: Revert 'USB: devio: Do not corrupt user memory' (bnc#1012382).
• usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382).
• usb: dummy-hcd: Fix deadlock caused by disconnect detection (bnc#1012382).
• usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382).
• usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382).
• usb: fix out-of-bounds in usbsetconfiguration (bnc#1012382).
• usb: gadget: composite: Fix use-after-free in usbcompositeoverwrite_options (bnc#1012382).
• usb: gadgetfs: fix copytouser while holding spinlock (bnc#1012382).
• usb: gadgetfs: Fix crash caused by inadequate synchronization (bnc#1012382).
• usb: gadget: inode.c: fix unbalanced spinlock in ep0write (bnc#1012382).
• usb: gadget: massstorage: set msgregistered after msg registered (bnc#1012382).
• usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382).
• usb: gmassstorage: Fix deadlock when driver is unbound (bnc#1012382).
• usb: hub: Allow reset retry for USB2 devices on connect bounce (bnc#1012382).
• usb: Increase quirk delay for USB devices (bnc#1012382).
• usb: musb: Check for host-mode using ishostactive() on reset interrupt (bnc#1012382).
• usb: musb: sunxi: Explicitly release USB PHY on exit (bnc#1012382).
• usb: pci-quirks.c: Corrected timeout values used in handshake (bnc#1012382).
• usb: plusb: Add support for PL-27A1 (bnc#1012382).
• usb: quirks: add quirk for WORLDE MINI MIDI keyboard (bnc#1012382).
• usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet (bnc#1012382).
• usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe (bnc#1012382).
• usb: renesasusbhs: fix usbhsffifo_clear() for RX direction (bnc#1012382).
• usb: serial: console: fix use-after-free after failed setup (bnc#1012382).
• usb: serial: cp210x: add support for ELV TFD500 (bnc#1012382).
• usb: serial: ftdi_sio: add id for Cypress WICED dev board (bnc#1012382).
• usb: serial: metro-usb: add MS7820 device id (bnc#1012382).
• usb: serial: mos7720: fix control-message error handling (bnc#1012382).
• usb: serial: mos7840: fix control-message error handling (bnc#1012382).
• usb: serial: option: add support for TP-Link LTE module (bnc#1012382).
• usb: serial: qcserial: add Dell DW5818, DW5819 (bnc#1012382).
• usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives (bnc#1012382).
• usb: uas: fix bug in handling of alternate settings (bnc#1012382).
• uwb: ensure that endpoint is interrupt (bnc#1012382).
• uwb: properly check kthread_run return value (bnc#1012382).
• vfs: Return -ENXIO for negative SEEKHOLE / SEEKDATA offsets (bnc#1012382).
• video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bnc#1012382).
• vti: fix use after free in vtitunnelxmit/vti6tnlxmit (bnc#1012382).
• watchdog: kempld: fix gcc-4.3 build (bnc#1012382).
• x86/alternatives: Fix altmaxshort macro to really be a max() (bnc#1012382).
• x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).
• x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps (bnc#1012382).
• x86/ldt: Fix off by one in getsegmentbase() (bsc#1061872).
• xfs/dmapi: fix incorrect file->fpath.dentry->dinode usage (bsc#1055896).
• xfs: handle error if xfsbtreeget_bufs fails (bsc#1059863).
• xfs: remove kmemzallocgreedy (bnc#1012382).
• xhci: fix finding correct bus_state structure for USB 3.1 hosts (bnc#1012382).