{"affected":[{"ecosystem_specific":{"binaries":[{"cluster-md-kmp-rt":"4.4.88-18.1","cluster-network-kmp-rt":"4.4.88-18.1","dlm-kmp-rt":"4.4.88-18.1","gfs2-kmp-rt":"4.4.88-18.1","kernel-devel-rt":"4.4.88-18.1","kernel-rt":"4.4.88-18.1","kernel-rt-base":"4.4.88-18.1","kernel-rt-devel":"4.4.88-18.1","kernel-rt_debug-devel":"4.4.88-18.1","kernel-source-rt":"4.4.88-18.1","kernel-syms-rt":"4.4.88-18.1","ocfs2-kmp-rt":"4.4.88-18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 12 SP2","name":"kernel-rt","purl":"pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.88-18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cluster-md-kmp-rt":"4.4.88-18.1","cluster-network-kmp-rt":"4.4.88-18.1","dlm-kmp-rt":"4.4.88-18.1","gfs2-kmp-rt":"4.4.88-18.1","kernel-devel-rt":"4.4.88-18.1","kernel-rt":"4.4.88-18.1","kernel-rt-base":"4.4.88-18.1","kernel-rt-devel":"4.4.88-18.1","kernel-rt_debug-devel":"4.4.88-18.1","kernel-source-rt":"4.4.88-18.1","kernel-syms-rt":"4.4.88-18.1","ocfs2-kmp-rt":"4.4.88-18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 12 SP2","name":"kernel-rt_debug","purl":"pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.88-18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cluster-md-kmp-rt":"4.4.88-18.1","cluster-network-kmp-rt":"4.4.88-18.1","dlm-kmp-rt":"4.4.88-18.1","gfs2-kmp-rt":"4.4.88-18.1","kernel-devel-rt":"4.4.88-18.1","kernel-rt":"4.4.88-18.1","kernel-rt-base":"4.4.88-18.1","kernel-rt-devel":"4.4.88-18.1","kernel-rt_debug-devel":"4.4.88-18.1","kernel-source-rt":"4.4.88-18.1","kernel-syms-rt":"4.4.88-18.1","ocfs2-kmp-rt":"4.4.88-18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 12 SP2","name":"kernel-source-rt","purl":"pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.88-18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cluster-md-kmp-rt":"4.4.88-18.1","cluster-network-kmp-rt":"4.4.88-18.1","dlm-kmp-rt":"4.4.88-18.1","gfs2-kmp-rt":"4.4.88-18.1","kernel-devel-rt":"4.4.88-18.1","kernel-rt":"4.4.88-18.1","kernel-rt-base":"4.4.88-18.1","kernel-rt-devel":"4.4.88-18.1","kernel-rt_debug-devel":"4.4.88-18.1","kernel-source-rt":"4.4.88-18.1","kernel-syms-rt":"4.4.88-18.1","ocfs2-kmp-rt":"4.4.88-18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Real Time 12 SP2","name":"kernel-syms-rt","purl":"pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.88-18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThe SUSE Linux Enterprise 12 SP2 RT kernel was updated to 4.4.88 to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n  arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY\n  (1/4 of the size), but did not take the argument and environment pointers into\n  account, which allowed attackers to bypass this limitation (bnc#1039354)\n- CVE-2017-1000112: Prevent race condition in net-packet code that could have\n  been exploited by unprivileged users to gain root access. (bnc#1052311)\n- CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack\n  overflow vulnerability in the processing of L2CAP configuration\n  responses resulting in remote code execution in kernel space (bnc#1057389)\n- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl\n  function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a\n  denial of service (memory corruption and system crash) by leveraging root\n  access (bnc#1056588)\n- CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a\n  denial of service (out-of-bounds array access) or possibly have unspecified\n  other impact by changing a certain sequence-number value, aka a 'double fetch'\n  vulnerability (bnc#1037994)\n- CVE-2017-1000252: Wrong gsi values via KVM_IRQFD allowed unprivileged users\n  using KVM to cause DoS on Intel systems (bsc#1058038).\n- CVE-2017-1000111: Prevent in packet_set_ring on PACKET_RESERVE (bsc#1052365).\n- CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in\n  drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a denial of\n  service (memory consumption) by triggering object-initialization failures\n  (bnc#1047277).\n- CVE-2017-11472: The acpi_ns_terminate() function did not flush the operand\n  cache and causes a kernel stack dump, which allowed local users to obtain\n  sensitive information from kernel memory and bypass the KASLR protection\n  mechanism via a crafted ACPI table (bnc#1049580).\n- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n  allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).\n- CVE-2017-12134: The xen_biovec_phys_mergeable function might have allow local\n  OS guest users to corrupt block device data streams and consequently obtain\n  sensitive memory information, cause a denial of service, or gain host OS\n  privileges by leveraging incorrect block IO merge-ability calculation\n  (bnc#1051790).\n- CVE-2017-12154: L2 guest could have accessed hardware(L0) CR8 register and\n  crashed the host system (bsc#1058507).\n- CVE-2017-14106: The tcp_disconnect function allowed local users to cause a\n  denial of service (__tcp_select_window divide-by-zero error and system crash)\n  by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).\n- CVE-2017-7518: Faulty debug exception via syscall emulation allowed non-linux\n  guests to escalate their privileges in the guest (bsc#1045922).\n- CVE-2017-7533: Race condition in the fsnotify implementation allowed local\n  users to gain privileges or cause a denial of service (memory corruption) via a\n  crafted application that leverages simultaneous execution of the\n  inotify_handle_event and vfs_rename functions (bsc#1049483).\n- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function allowed local users to\n  cause a denial of service (buffer overflow and system crash) or possibly gain\n  privileges via a crafted NL80211_CMD_FRAME Netlink packet (bsc#1049645).\n- CVE-2017-7542: The ip6_find_1stfragopt function allowed local users to cause\n  a denial of service (integer overflow and infinite loop) by leveraging the\n  ability to open a raw socket (bsc#1049882).\n\nThe following non-security bugs were fixed:\n\n- ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).\n- ACPI / scan: Prefer devices without _HID for _ADR matching.\n- ALSA: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).\n- ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).\n- ALSA: hda - Fix endless loop of codec configure (bsc#1031717).\n- ALSA: hda - Implement mic-mute LED mode enum (bsc#1055013).\n- ALSA: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).\n- ALSA: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).\n- ALSA: ice1712: Add support for STAudio ADCIII (bsc#1048934).\n- ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580).\n- Add 'shutdown' to 'struct class' (bsc#1053117).\n- Bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784).\n- Bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784).\n- Bluetooth: hidp: fix possible might sleep error in hidp_session_thread (bsc#1031784).\n- Drivers: hv: Fix the bug in generating the guest ID.\n- Drivers: hv: util: Fix a typo.\n- Drivers: hv: vmbus: Get the current time from the current clocksource (bnc#1044112, bnc#1042778, bnc#1029693).\n- Drivers: hv: vmbus: Move the code to signal end of message.\n- Drivers: hv: vmbus: Move the definition of generate_guest_id().\n- Drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents.\n- Drivers: hv: vmbus: Restructure the clockevents code.\n- Fix kABI breakage by KVM CVE fix (bsc#1045922).\n- IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).\n- Input: gpio-keys - fix check for disabling unsupported keys (bsc#1031717).\n- KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n- KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478).\n- KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n- MD: fix sleep in atomic (bsc#1040351).\n- More Git-commit header fixups No functional change intended.\n- NFS: Cache aggressively when file is open for writing (bsc#1033587).\n- NFS: Do not flush caches for a getattr that races with writeback (bsc#1033587).\n- NFS: flush data when locking a file to ensure cache coherence for mmap (bsc#981309).\n- NFS: invalidate file size when taking a lock (git-fixes).\n- NFS: only invalidate dentrys that are clearly invalid (bsc#1047118).\n- PCI / PM: Fix native PME handling during system suspend/resume (bsc#1051478).\n- PCI: Add Mellanox device IDs (bsc#1051478).\n- PCI: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478).\n- PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).\n- PCI: Enable ECRC only if device supports it (bsc#1051478).\n- PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478).\n- PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478).\n- PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478).\n- PM / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059).\n- Revert '/proc/iomem: only expose physical resource addresses to privileged users' (kabi).\n- Revert 'ACPI / video: Add force_native quirk for HP Pavilion dv6' (bsc#1031717).\n- Revert 'Add 'shutdown' to 'struct class'.' (kabi).\n- Revert 'KVM: x86: fix emulation of RSM and IRET instructions' (kabi).\n- Revert 'Make file credentials available to the seqfile interfaces' (kabi).\n- Revert 'mm/list_lru.c: fix list_lru_count_node() to be race free' (kabi).\n- Revert 'powerpc/numa: Fix percpu allocations to be NUMA aware' (bsc#1048914).\n- Revert 'tpm: Issue a TPM2_Shutdown for TPM2 devices.' (kabi).\n- USB: core: fix device node leak (bsc#1047487).\n- Update kabi files: sync with 4.4.74 updates\n- af_key: Add lock to key dump (bsc#1047653).\n- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n- b43: Add missing MODULE_FIRMWARE() (bsc#1037344).\n- bcache: force trigger gc (bsc#1038078).\n- bcache: force trigger gc (bsc#1038078).\n- bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n- bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n- bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).\n- blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n- blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n- blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478).\n- blacklist.conf: add inapplicable commits for wifi (bsc#1031717)\n- blacklist.conf: add unapplicable drm fixes (bsc#1031717).\n- blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).\n- blkfront: add uevent for size change (bnc#1036632).\n- block: Allow bdi re-registration (bsc#1040307).\n- block: Fix front merge check (bsc#1051239).\n- block: Make del_gendisk() safer for disks without queues (bsc#1040307).\n- block: Move bdi_unregister() to del_gendisk() (bsc#1040307).\n- block: do not allow updates through sysfs until registration completes (bsc#1047027).\n- bnxt: add a missing rcu synchronization (bnc#1038583).\n- bnxt: do not busy-poll when link is down (bnc#1038583).\n- bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).\n- bnxt_en: Fix 'uninitialized variable' bug in TPA code path (bnc#1038583).\n- bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583).\n- bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583).\n- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).\n- bnxt_en: Fix VF virtual link state (bnc#1038583).\n- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).\n- bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).\n- bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).\n- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).\n- bnxt_en: Refactor TPA code path (bnc#1038583).\n- bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).\n- bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).\n- brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n- btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n- btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n- btrfs: fix early ENOSPC due to delalloc (bsc#1049226).\n- btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682).\n- btrfs: incremental send, fix invalid path for link commands (bsc#1051479).\n- btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479).\n- btrfs: resume qgroup rescan on rw remount (bsc#1047152).\n- btrfs: send, fix invalid path after renaming and linking file (bsc#1051479).\n- ceph: fix readpage from fscache (bsc#1057015).\n- cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n- crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).\n- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).\n- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743).\n- cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).\n- dentry name snapshots (bsc#1049483).\n- dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670).\n- drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (bnc#1044112).\n- drivers: net: xgene: Fix wrong logical operation (bsc#1056827).\n- drm/amdgpu: Fix overflow of watermark calcs at greater than 4k resolutions (bsc#1031717).\n- drm/bochs: Implement nomodeset (bsc#1047096).\n- drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717).\n- drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n- drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).\n- drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).\n- drm/vmwgfx: Fix large topology crash (bsc#1048155).\n- drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).\n- drm/vmwgfx: Support topology greater than texture size (bsc#1048155).\n- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n- ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n- ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829).\n- fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).\n- fuse: initialize the flock flag in fuse_file on allocation (git-fixes).\n- gcov: add support for gcc version greater than 6 (bsc#1051663).\n- gcov: support GCC 7.1 (bsc#1051663).\n- gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).\n- gfs2: fix flock panic issue (bsc#1012829).\n- hrtimer: Catch invalid clockids again (bsc#1047651).\n- hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).\n- hv_util: switch to using timespec64.\n- hv_utils: drop .getcrosststamp() support from PTP driver (bnc#1044112, bnc#1042778, bnc#1029693).\n- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (bnc#1044112, bnc#1042778, bnc#1029693).\n- i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913).\n- i40e: Removal of workaround for simple MAC address filter deletion (bsc#1039915).\n- i40e: When searching all MAC/VLAN filters, ignore removed filters (bsc#1039915).\n- i40e: add VSI info to macaddr messages (bsc#1039915).\n- i40e: add hw struct local variable (bsc#1039915).\n- i40e: add private flag to control source pruning (bsc#1034075).\n- i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).\n- i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).\n- i40e: delete filter after adding its replacement when converting (bsc#1039915).\n- i40e: do not add broadcast filter for VFs (bsc#1039915).\n- i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID lower than 1 (bsc#1039915).\n- i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915).\n- i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915).\n- i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915).\n- i40e: fix MAC filters when removing VLANs (bsc#1039915).\n- i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (bsc#1039915).\n- i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).\n- i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).\n- i40e: move all updates for VLAN mode into i40e_sync_vsi_filters (bsc#1039915).\n- i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).\n- i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (bsc#1039915).\n- i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters (bsc#1039915).\n- i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).\n- i40e: refactor Rx filter handling (bsc#1039915).\n- i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan (bsc#1039915).\n- i40e: refactor i40e_update_filter_state to avoid passing aq_err (bsc#1039915).\n- i40e: remove code to handle dev_addr specially (bsc#1039915).\n- i40e: remove duplicate add/delete adminq command code for filters (bsc#1039915).\n- i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid (bsc#1039915).\n- i40e: removed unreachable code (bsc#1039915).\n- i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).\n- i40e: restore workaround for removing default MAC filter (bsc#1039915).\n- i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).\n- i40e: store MAC/VLAN filters in a hash with the MAC Address as key (bsc#1039915).\n- i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID (bsc#1039915).\n- i40e: when adding or removing MAC filters, correctly handle VLANs (bsc#1039915).\n- i40e: write HENA for VFs (bsc#1039915).\n- ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709).\n- ibmvnic: Clean up resources on probe failure (bsc#1058116).\n- ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).\n- ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).\n- iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value (bsc#1031717).\n- introduce the walk_process_tree() helper (bnc#1022476).\n- iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533).\n- ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (bsc#1041958).\n- ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (bsc#1041958).\n- iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).\n- iwlwifi: mvm: compare full command ID.\n- iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717).\n- iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n- iwlwifi: mvm: synchronize firmware DMA paging memory.\n- iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n- iwlwifi: mvm: unmap the paging memory before freeing it.\n- iwlwifi: pcie: fix command completion name debug (bsc#1031717).\n- kABI-fix for 'x86/panic: replace smp_send_stop() with kdump friendly version in panic path' (bsc#1051478).\n- kernel/*: switch to memdup_user_nul() (bsc#1048893).\n- kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).\n- lib: test_rhashtable: Fix KASAN warning (bsc#1055359).\n- lib: test_rhashtable: fix for large entry counts (bsc#1055359).\n- libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).\n- libnvdimm: fix badblock range handling of ARS range (bsc#1023175).\n- lightnvm: nvme reset_controller is not working after adapter's firmware upgrade (bsc#988784).\n- lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning.\n- mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).\n- md/raid5: fix a race condition in stripe batch (linux-stable).\n- mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes).\n- mm-adaptive-hash-table-scaling-v5 (bnc#1036303).\n- mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes).\n- mm: adaptive hash table scaling (bnc#1036303).\n- mm: call page_ext_init() after all struct pages are initialized (VM Debugging Functionality, bsc#1047048).\n- mm: drop HASH_ADAPT (bnc#1036303).\n- mm: fix classzone_idx underflow in shrink_zones() (VM Functionality, bsc#1042314).\n- mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n- mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).\n- mwifiex: do not update MCS set from hostapd (bsc#1031717).\n- net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).\n- net: account for current skb length when deciding about UFO (bsc#1041958).\n- net: ena: add hardware hints capability to the driver (bsc#1047121).\n- net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121).\n- net: ena: add missing unmap bars on device removal (bsc#1047121).\n- net: ena: add reset reason for each device FLR (bsc#1047121).\n- net: ena: add support for out of order rx buffers refill (bsc#1047121).\n- net: ena: allow the driver to work with small number of msix vectors (bsc#1047121).\n- net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n- net: ena: change return value for unsupported features unsupported return value (bsc#1047121).\n- net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n- net: ena: disable admin msix while working in polling mode (bsc#1047121).\n- net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121).\n- net: ena: fix race condition between submit and completion admin command (bsc#1047121).\n- net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n- net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n- net: ena: separate skb allocation to dedicated function (bsc#1047121).\n- net: ena: update driver's rx drop statistics (bsc#1047121).\n- net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n- net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n- net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121).\n- net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n- net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() (bsc#1042286).\n- net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n- netfilter: fix IS_ERR_VALUE usage (bsc#1052888).\n- netfilter: x_tables: pack percpu counter allocations (bsc#1052888).\n- netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888).\n- netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888).\n- new helper: memdup_user_nul() (bsc#1048893).\n- ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n- ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n- ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).\n- of: fix '/cpus' reference leak in of_numa_parse_cpu_nodes() (bsc#1056827).\n- ovl: fix dentry leak for default_permissions (bsc#1054084).\n- percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096).\n- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096).\n- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096).\n- percpu_ref: restructure operation mode switching (bsc#1055096).\n- percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).\n- perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n- perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).\n- perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n- platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022).\n- platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022).\n- platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022).\n- platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022).\n- platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022).\n- platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022).\n- platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022).\n- platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022).\n- prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476).\n- qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).\n- reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n- rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063).\n- rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).\n- s390: export symbols for crash-kmp (bsc#1053915).\n- sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476).\n- sched/debug: Print the scheduler topology group mask (bnc#1022476).\n- sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n- sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n- sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476).\n- sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n- sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n- sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n- sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n- sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476).\n- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n- sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n- sched/topology: Small cleanup (bnc#1022476).\n- sched/topology: Verify the first group matches the child domain (bnc#1022476).\n- scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n- scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n- scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).\n- scsi: storvsc: Workaround for virtual DVD SCSI version (bnc#1044636).\n- scsi_devinfo: fixup string compare (bsc#1037404).\n- scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).\n- smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n- sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n- supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).\n- sysctl: do not print negative flag for proc_douintvec (bnc#1046985).\n- sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).\n- sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).\n- sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).\n- sysctl: simplify unsigned int support (bsc#1048893).\n- timers: Plug locking race vs. timer migration (bnc#1022476).\n- tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).\n- tpm: KABI fix (bsc#1053117).\n- tpm: fix: return rc when devm_add_action() fails (bsc#1020645, bsc#1034048).\n- tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, bsc#1034048).\n- tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, bsc#1034048).\n- tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, bsc#1034048).\n- tty: serial: msm: Support more bauds (git-fixes).\n- ubifs: Correctly evict xattr inodes (bsc#1012829).\n- ubifs: Do not leak kernel memory to the MTD (bsc#1012829).\n- udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n- udf: Fix races with i_size changes during readpage (bsc#1012829).\n- vfs: fix missing inode_get_dev sites (bsc#1052049).\n- x86/LDT: Print the real LDT base address (bsc#1051478).\n- x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399).\n- x86/mce: Make timer handling more robust (bsc#1042422).\n- x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478).\n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (git-fixes).\n- xen/balloon: do not online new memory initially (bnc#1028173).\n- xen/pvh*: Support greater than 32 VCPUs at domain restore (bnc#1045563).\n- xen: allocate page for shared info page from low memory (bnc#1038616).\n- xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422).\n- xfrm: NULL dereference on allocation failure (bsc#1047343).\n- xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n- xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n- xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n- xfs: fix inobt inode allocation search optimization (bsc#1012829).\n","id":"SUSE-SU-2017:2956-1","modified":"2017-11-08T15:02:59Z","published":"2017-11-08T15:02:59Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172956-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005917"},{"type":"REPORT","url":"https://bugzilla.suse.com/1006180"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011913"},{"type":"REPORT","url":"https://bugzilla.suse.com/1012382"},{"type":"REPORT","url":"https://bugzilla.suse.com/1012829"},{"type":"REPORT","url":"https://bugzilla.suse.com/1013887"},{"type":"REPORT","url":"https://bugzilla.suse.com/1018419"},{"type":"REPORT","url":"https://bugzilla.suse.com/1019151"},{"type":"REPORT","url":"https://bugzilla.suse.com/1020645"},{"type":"REPORT","url":"https://bugzilla.suse.com/1020657"},{"type":"REPORT","url":"https://bugzilla.suse.com/1020685"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021424"},{"type":"REPORT","url":"https://bugzilla.suse.com/1022476"},{"type":"REPORT","url":"https://bugzilla.suse.com/1022743"},{"type":"REPORT","url":"https://bugzilla.suse.com/1023175"},{"type":"REPORT","url":"https://bugzilla.suse.com/1024405"},{"type":"REPORT","url":"https://bugzilla.suse.com/1028173"},{"type":"REPORT","url":"https://bugzilla.suse.com/1028286"},{"type":"REPORT","url":"https://bugzilla.suse.com/1028819"},{"type":"REPORT","url":"https://bugzilla.suse.com/1029693"},{"type":"REPORT","url":"https://bugzilla.suse.com/1030552"},{"type":"REPORT","url":"https://bugzilla.suse.com/1030850"},{"type":"REPORT","url":"https://bugzilla.suse.com/1031515"},{"type":"REPORT","url":"https://bugzilla.suse.com/1031717"},{"type":"REPORT","url":"https://bugzilla.suse.com/1031784"},{"type":"REPORT","url":"https://bugzilla.suse.com/1033587"},{"type":"REPORT","url":"https://bugzilla.suse.com/1034048"},{"type":"REPORT","url":"https://bugzilla.suse.com/1034075"},{"type":"REPORT","url":"https://bugzilla.suse.com/1034762"},{"type":"REPORT","url":"https://bugzilla.suse.com/1036303"},{"type":"REPORT","url":"https://bugzilla.suse.com/1036632"},{"type":"REPORT","url":"https://bugzilla.suse.com/1037344"},{"type":"REPORT","url":"https://bugzilla.suse.com/1037404"},{"type":"REPORT","url":"https://bugzilla.suse.com/1037994"},{"type":"REPORT","url":"https://bugzilla.suse.com/1038078"},{"type":"REPORT","url":"https://bugzilla.suse.com/1038583"},{"type":"REPORT","url":"https://bugzilla.suse.com/1038616"},{"type":"REPORT","url":"https://bugzilla.suse.com/1038792"},{"type":"REPORT","url":"https://bugzilla.suse.com/1038846"},{"type":"REPORT","url":"https://bugzilla.suse.com/1038847"},{"type":"REPORT","url":"https://bugzilla.suse.com/1039354"},{"type":"REPORT","url":"https://bugzilla.suse.com/1039915"},{"type":"REPORT","url":"https://bugzilla.suse.com/1040307"},{"type":"REPORT","url":"https://bugzilla.suse.com/1040351"},{"type":"REPORT","url":"https://bugzilla.suse.com/1041958"},{"type":"REPORT","url":"https://bugzilla.suse.com/1042286"},{"type":"REPORT","url":"https://bugzilla.suse.com/1042314"},{"type":"REPORT","url":"https://bugzilla.suse.com/1042422"},{"type":"REPORT","url":"https://bugzilla.suse.com/1042778"},{"type":"REPORT","url":"https://bugzilla.suse.com/1043652"},{"type":"REPORT","url":"https://bugzilla.suse.com/1044112"},{"type":"REPORT","url":"https://bugzilla.suse.com/1044636"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045154"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045563"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045922"},{"type":"REPORT","url":"https://bugzilla.suse.com/1046682"},{"type":"REPORT","url":"https://bugzilla.suse.com/1046821"},{"type":"REPORT","url":"https://bugzilla.suse.com/1046985"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047027"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047048"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047096"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047118"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047121"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047152"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047277"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047343"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047354"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047487"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047651"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047653"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047670"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048155"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048221"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048317"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048891"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048893"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048914"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048934"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049226"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049483"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049486"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049580"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049603"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049645"},{"type":"REPORT","url":"https://bugzilla.suse.com/1049882"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050061"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050188"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051022"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051059"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051239"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051399"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051478"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051479"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051556"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051663"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051790"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052049"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052223"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052311"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052365"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052533"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052580"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052709"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052773"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052794"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052888"},{"type":"REPORT","url":"https://bugzilla.suse.com/1053117"},{"type":"REPORT","url":"https://bugzilla.suse.com/1053802"},{"type":"REPORT","url":"https://bugzilla.suse.com/1053915"},{"type":"REPORT","url":"https://bugzilla.suse.com/1054084"},{"type":"REPORT","url":"https://bugzilla.suse.com/1055013"},{"type":"REPORT","url":"https://bugzilla.suse.com/1055096"},{"type":"REPORT","url":"https://bugzilla.suse.com/1055359"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056261"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056588"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056827"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056982"},{"type":"REPORT","url":"https://bugzilla.suse.com/1057015"},{"type":"REPORT","url":"https://bugzilla.suse.com/1057389"},{"type":"REPORT","url":"https://bugzilla.suse.com/1058038"},{"type":"REPORT","url":"https://bugzilla.suse.com/1058116"},{"type":"REPORT","url":"https://bugzilla.suse.com/1058507"},{"type":"REPORT","url":"https://bugzilla.suse.com/963619"},{"type":"REPORT","url":"https://bugzilla.suse.com/964063"},{"type":"REPORT","url":"https://bugzilla.suse.com/964944"},{"type":"REPORT","url":"https://bugzilla.suse.com/971975"},{"type":"REPORT","url":"https://bugzilla.suse.com/974215"},{"type":"REPORT","url":"https://bugzilla.suse.com/981309"},{"type":"REPORT","url":"https://bugzilla.suse.com/988784"},{"type":"REPORT","url":"https://bugzilla.suse.com/993890"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-1000111"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-1000112"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-1000251"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-1000252"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-1000365"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-10810"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11472"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11473"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12134"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14051"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14106"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7541"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7542"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8831"}],"related":["CVE-2017-1000111","CVE-2017-1000112","CVE-2017-1000251","CVE-2017-1000252","CVE-2017-1000365","CVE-2017-10810","CVE-2017-11472","CVE-2017-11473","CVE-2017-12134","CVE-2017-12154","CVE-2017-14051","CVE-2017-14106","CVE-2017-7518","CVE-2017-7533","CVE-2017-7541","CVE-2017-7542","CVE-2017-8831"],"summary":"Security update for the Linux Kernel","upstream":["CVE-2017-1000111","CVE-2017-1000112","CVE-2017-1000251","CVE-2017-1000252","CVE-2017-1000365","CVE-2017-10810","CVE-2017-11472","CVE-2017-11473","CVE-2017-12134","CVE-2017-12154","CVE-2017-14051","CVE-2017-14106","CVE-2017-7518","CVE-2017-7533","CVE-2017-7541","CVE-2017-7542","CVE-2017-8831"]}