{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"\nThe SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.128 to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-10124: The kill_something_info function in kernel/signal.c might\n  have allowed local users to cause a denial of service via an INT_MIN argument\n  (bnc#1089752).\n- CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed\n  local users to cause a denial of service by triggering an attempted use of the\n  -INT_MIN value (bnc#1089608).\n- CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local\n  users to cause a denial of service (integer overflow and loop) via crafted use\n  of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl\n  (bnc#1088241)\n- CVE-2018-1091: In the flush_tmregs_to_thread function in\n  arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from\n  unprivileged userspace during a core dump on a POWER host due to a missing\n  processor feature check and an erroneous use of transactional memory (TM)\n  instructions in the core dump path, leading to a denial of service\n  (bnc#1087231).\n- CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel\n  function could have been exploited by malicious NCPFS servers to crash the\n  kernel or execute code (bnc#1086162).\n- CVE-2018-8043: The unimac_mdio_probe function in\n  drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource\n  availability, which allowed local users to cause a denial of service (NULL\n  pointer dereference) (bnc#1084829).\n- CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local\n  users to cause a denial of service (BUG) via a crafted application that made\n  mmap system calls and has a large pgoff argument to the remap_file_pages system\n  call (bnc#1084353).\n\nThe following non-security bugs were fixed:\n\n- Fix ltp might_sleep() splat BUG\n- ACPI / PMIC: xpower: Fix power_table addresses (bnc#1012382).\n- ACPI, PCI, irq: remove redundant check for null string pointer (bnc#1012382).\n- ACPI/IORT: numa: Add numa node mapping for smmuv3 devices (bsc#1085981).\n- ACPI/processor: Fix error handling in __acpi_processor_start() (bnc#1012382).\n- ACPI/processor: Replace racy task affinity logic (bnc#1012382).\n- ACPICA: Add header support for TPM2 table changes (bsc#1084452).\n- ACPICA: Add support for new SRAT subtable (bsc#1085981).\n- ACPICA: Disassembler: Abort on an invalid/unknown AML opcode (bnc#1012382).\n- ACPICA: Events: Add runtime stub support for event APIs (bnc#1012382).\n- ACPICA: iasl: Update to IORT SMMUv3 disassembling (bsc#1085981).\n- ALSA: aloop: Fix access to not-yet-ready substream via cable (bnc#1012382).\n- ALSA: aloop: Sync stale timer before release (bnc#1012382).\n- ALSA: firewire-digi00x: handle all MIDI messages on streaming packets (bnc#1012382).\n- ALSA: hda - Revert power_save option default value (git-fixes).\n- ALSA: hda/realtek - Always immediately update mute LED with pin VREF (bnc#1012382).\n- ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 (bnc#1012382).\n- ALSA: hda/realtek - Fix speaker no sound after system resume (bsc#1031717).\n- ALSA: hda: Add a power_save blacklist (bnc#1012382).\n- ALSA: hda: add dock and led support for HP EliteBook 820 G3 (bnc#1012382).\n- ALSA: hda: add dock and led support for HP ProBook 640 G2 (bnc#1012382).\n- ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() (bnc#1012382).\n- ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bnc#1012382).\n- ALSA: pcm: potential uninitialized return values (bnc#1012382).\n- ALSA: usb-audio: Add a quirck for BW PX headphones (bnc#1012382).\n- ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bnc#1012382).\n- ARM64 / cpuidle: Use new cpuidle macro for entering retention state (bsc#1084328).\n- ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER (bnc#1012382).\n- ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP (bnc#1012382).\n- ARM: davinci: da8xx: Create DSP device only when assigned memory (bnc#1012382).\n- ARM: dts: Adjust moxart IRQ controller and flags (bnc#1012382).\n- ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382).\n- ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382).\n- ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin (bnc#1012382).\n- ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property (bnc#1012382).\n- ARM: dts: dra7: Add power hold and power controller properties to palmas (bnc#1012382).\n- ARM: dts: exynos: Correct Trats2 panel reset line (bnc#1012382).\n- ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382).\n- ARM: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382).\n- ARM: dts: koelsch: Correct clock frequency of X2 DU clock input (bnc#1012382).\n- ARM: dts: ls1021a: add 'fsl,ls1021a-esdhc' compatible string to esdhc node (bnc#1012382).\n- ARM: dts: omap3-n900: Fix the audio CODEC's reset pin (bnc#1012382).\n- ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks (bnc#1012382).\n- ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks (bnc#1012382).\n- ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull (bnc#1012382).\n- ARM: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382).\n- ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bnc#1012382).\n- ASoC: rcar: ssi: do not set SSICR.CKDV = 000 with SSIWSR.CONT (bnc#1012382).\n- ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382).\n- Bluetooth: Fix missing encryption refresh on Security Request (bnc#1012382).\n- Bluetooth: Send HCI Set Event Mask Page 2 command only when needed (bnc#1012382).\n- Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bnc#1012382).\n- Bluetooth: hci_qca: Avoid setup failure on missing rampatch (bnc#1012382).\n- Btrfs: incremental send, fix invalid memory access (git-fixes).\n- Btrfs: send, fix file hole not being preserved due to inline extent (bnc#1012382).\n- CIFS: silence lockdep splat in cifs_relock_file() (bnc#1012382).\n- Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition (bnc#1012382).\n- EDAC, mv64x60: Fix an error handling path (bnc#1012382).\n- EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL (git-fixes 3286d3eb906c).\n- HID: clamp input to logical range if no null state (bnc#1012382).\n- HID: reject input outside logical range only if null state is set (bnc#1012382).\n- IB/core: Fix possible crash to access NULL netdev (bsc#966191 bsc#966186).\n- IB/core: Generate GID change event regardless of RoCE GID table property (bsc#966191 bsc#966186).\n- IB/ipoib: Avoid memory leak if the SA returns a different DGID (bnc#1012382).\n- IB/ipoib: Update broadcast object if PKey value was changed in index 0 (bnc#1012382).\n- IB/mlx4: Change vma from shared to private (bnc#1012382).\n- IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 bsc#966186).\n- IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE (bsc#966191 bsc#966186).\n- IB/mlx4: Take write semaphore when changing the vma struct (bnc#1012382).\n- IB/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342 bsc#1015343).\n- IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() (bsc#966170 bsc#966172).\n- IB/mlx5: Fix incorrect size of klms in the memory region (bsc#966170 bsc#966172).\n- IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#966170 bsc#966172).\n- IB/mlx5: Set the default active rate and width to QDR and 4X (bsc#1015342 bsc#1015343).\n- IB/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 bsc#1015343).\n- IB/srpt: Fix abort handling (bnc#1012382).\n- IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() (bnc#1024296).\n- IB/umem: Fix use of npages/nmap fields (bnc#1012382).\n- Input: elan_i2c - check if device is there before really probing (bnc#1012382).\n- Input: elan_i2c - clear INT before resetting controller (bnc#1012382).\n- Input: elantech - force relative mode on a certain module (bnc#1012382).\n- Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bnc#1012382).\n- Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bnc#1012382).\n- Input: matrix_keypad - fix race when disabling interrupts (bnc#1012382).\n- Input: mousedev - fix implicit conversion warning (bnc#1012382).\n- Input: qt1070 - add OF device ID table (bnc#1012382).\n- Input: tsc2007 - check for presence and power down tsc2007 during probe (bnc#1012382).\n- KVM: PPC: Book3S PR: Check copy_to/from_user return values (bnc#1012382).\n- KVM: PPC: Book3S PR: Exit KVM on failed mapping (bnc#1012382).\n- KVM: SVM: do not zero out segment attributes if segment is unusable or not present (bnc#1012382).\n- KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1086499).\n- KVM: arm/arm64: vgic-its: Check result of allocation before use (bsc#).\n- KVM: arm/arm64: vgic-its: Preserve the revious read from the pending table (bsc#1086499).\n- KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1086499).\n- KVM: arm/arm64: vgic: Do not populate multiple LRs with the same vintid (bsc#1086499).\n- KVM: mmu: Fix overlap between public and private memslots (bnc#1012382).\n- KVM: nVMX: Fix handling of lmsw instruction (bnc#1012382).\n- Kbuild: provide a __UNIQUE_ID for clang (bnc#1012382).\n- MIPS: BMIPS: Do not mask IPIs during suspend (bnc#1012382).\n- MIPS: BPF: Fix multiple problems in JIT skb access helpers (bnc#1012382).\n- MIPS: BPF: Quit clobbering callee saved registers in JIT code (bnc#1012382).\n- MIPS: OCTEON: irq: Check for null return on kzalloc allocation (bnc#1012382).\n- MIPS: ath25: Check for kzalloc allocation failure (bnc#1012382).\n- MIPS: kprobes: flush_insn_slot should flush only if probe initialised (bnc#1012382).\n- MIPS: mm: adjust PKMAP location (bnc#1012382).\n- MIPS: mm: fixed mappings: correct initialisation (bnc#1012382).\n- MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters (bnc#1012382).\n- MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification (bnc#1012382).\n- MIPS: ralink: Remove ralink_halt() (bnc#1012382).\n- NFC: nfcmrvl: Include unaligned.h instead of access_ok.h (bnc#1012382).\n- NFC: nfcmrvl: double free on error path (bnc#1012382).\n- NFS: Fix an incorrect type in struct nfs_direct_req (bnc#1012382).\n- NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION (bnc#1012382).\n- NFSv4.1: Work around a Linux server bug.. (bnc#1012382).\n- PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup() (bsc#1084699).\n- PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() (bnc#1012382).\n- PCI/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348).\n- PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bnc#1012382).\n- PCI: Add pci_reset_function_locked() (bsc#1084889).\n- PCI: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices (bsc#1084914).\n- PCI: Avoid FLR for Intel 82579 NICs (bsc#1084889).\n- PCI: Avoid slot reset if bridge itself is broken (bsc#1084918).\n- PCI: Export pcie_flr() (bsc#1084889).\n- PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant (bnc#1012382).\n- PCI: Mark Haswell Power Control Unit as having non-compliant BARs (bsc#1086015).\n- PCI: Probe for device reset support during enumeration (bsc#1084889).\n- PCI: Protect pci_error_handlers->reset_notify() usage with device_lock() (bsc#1084889).\n- PCI: Protect restore with device lock to be consistent (bsc#1084889).\n- PCI: Remove __pci_dev_reset() and pci_dev_reset() (bsc#1084889).\n- PCI: Remove redundant probes for device reset support (bsc#1084889).\n- PCI: Wait for up to 1000ms after FLR reset (bsc#1084889).\n- PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659, bsc#1087906).\n- PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659).\n- PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary (bsc#1087659).\n- PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659).\n- PCI: hv: Serialize the present and eject work items (bsc#1087659).\n- Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (bsc#1075428).\n- RDMA/cma: Use correct size when writing netlink stats (bnc#1012382).\n- RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access\n- RDMA/core: Do not use invalid destination in determining port reuse\n- RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() (bnc#1012382).\n- RDMA/mlx5: Fix integer overflow while resizing CQ (bnc#1012382).\n- RDMA/mlx5: Protect from NULL pointer derefence (bsc#1015342 bsc#1015343).\n- RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bnc#1012382).\n- RDMA/qedr: Fix QP state initialization race (bsc#1022604).\n- RDMA/qedr: Fix rc initialization on CNQ allocation failure (bsc#1022604).\n- RDMA/qedr: fix QP's ack timeout configuration (bsc#1022604).\n- RDMA/rxe: Fix an out-of-bounds read \n- RDMA/ucma: Check AF family prior resolving address (bnc#1012382).\n- RDMA/ucma: Check that device exists prior to accessing it (bnc#1012382).\n- RDMA/ucma: Check that device is connected prior to access it (bnc#1012382).\n- RDMA/ucma: Check that user does not overflow QP state (bnc#1012382).\n- RDMA/ucma: Do not allow join attempts for unsupported AF family (bnc#1012382).\n- RDMA/ucma: Ensure that CM_ID exists prior to access it (bnc#1012382).\n- RDMA/ucma: Fix access to non-initialized CM_ID object (bnc#1012382).\n- RDMA/ucma: Fix use-after-free access in ucma_close (bnc#1012382).\n- RDMA/ucma: Introduce safer rdma_addr_size() variants (bnc#1012382).\n- RDMA/ucma: Limit possible option size (bnc#1012382).\n- Revert 'ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux' (bnc#1012382).\n- Revert 'ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin' (bnc#1012382).\n- Revert 'ARM: dts: omap3-n900: Fix the audio CODEC's reset pin' (bnc#1012382).\n- Revert 'PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()' (bnc#1012382).\n- Revert 'cpufreq: Fix governor module removal race' (bnc#1012382).\n- Revert 'e1000e: Separate signaling for link check/link up' (bsc#1075428).\n- Revert 'genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs' (bnc#1012382).\n- Revert 'ip6_vti: adjust vti mtu according to mtu of lower device' (bnc#1012382).\n- Revert 'ipvlan: add L2 check for packets arriving via virtual devices' (reverted in upstream).\n- Revert 'led: core: Fix brightness setting when setting delay_off=0' (bnc#1012382).\n- Revert 'mtip32xx: use runtime tag to initialize command header' (bnc#1012382).\n- Revert 'xhci: plat: Register shutdown for xhci_plat' (bnc#1012382).\n- Subject: af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085507, LTC#165135).\n- USB: ene_usb6250: fix SCSI residue overwriting (bnc#1012382).\n- USB: ene_usb6250: fix first command execution (bnc#1012382).\n- USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bnc#1012382).\n- USB: serial: cp210x: add ELDAT Easywave RX09 id (bnc#1012382).\n- USB: serial: ftdi_sio: add RT Systems VX-8 cable (bnc#1012382).\n- USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bnc#1012382).\n- USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h (bnc#1012382).\n- USB: usbmon: remove assignment from IS_ERR argument (bnc#1012382).\n- Update patches.arch/s390-sles12sp3-08-03-KVM-s390-instruction-execution-protection-support.patch (LTC#162428, bsc#1073069).\n- Update patches.arch/s390-sles12sp3-08-06-01-s390-mem_detect-use-unsigned-longs.patch (LTC#158956, bsc#1073059).\n- Update patches.arch/s390-sles12sp3-08-06-02-kvm-s390-enable-all-facility-bits-that-are-known-goo.patch (LTC#158956, bsc#1073059).\n- Update patches.arch/s390-sles12sp3-08-06-03-s390-sclp-add-hmfai-field.patch (LTC#158956, bsc#1073059).\n- Update patches.arch/s390-sles12sp3-08-06-04-kvm-s390-populate-mask-of-non-hypervisor-managed-fac.patch (LTC#158956, bsc#1073059).\n- Update patches.suse/x86-nospectre_v2-means-nospec-too.patch (bsc#1075994 bsc#1075091 bnc#1085958).\n- acpi, numa: fix pxm to online numa node associations (bnc#1012382).\n- agp/intel: Flush all chipset writes after updating the GGTT (bnc#1012382).\n- ahci: Add PCI-id for the Highpoint Rocketraid 644L card (bnc#1012382).\n- apparmor: Make path_max parameter readonly (bnc#1012382).\n- arm/arm64: KVM: Add PSCI_VERSION helper (bsc#1068032).\n- arm/arm64: KVM: Add smccc accessors to PSCI code (bsc#1068032).\n- arm/arm64: KVM: Advertise SMCCC v1.1 (bsc#1068032).\n- arm/arm64: KVM: Consolidate the PSCI include files (bsc#1068032).\n- arm/arm64: KVM: Implement PSCI 1.0 support (bsc#1068032).\n- arm/arm64: KVM: Turn kvm_psci_version into a static inline (bsc#1068032).\n- arm/arm64: smccc: Implement SMCCC v1.1 inline primitive (bsc#1068032).\n- arm/arm64: smccc: Make function identifiers an unsigned quantity (bsc#1068032).\n- arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032).\n- arm64: Add missing Falkor part number for branch predictor hardening (bsc#1068032).\n- arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1088313).\n- arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1068032).\n- arm64: KVM: Increment PC after handling an SMC trap (bsc#1068032).\n- arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032).\n- arm64: Kill PSCI_GET_VERSION as a variant-2 workaround (bsc#1068032).\n- arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1068032).\n- arm64: avoid overflow in VA_START and PAGE_OFFSET (bnc#1012382).\n- arm64: capabilities: Handle duplicate entries for a capability (bsc#1068032).\n- arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early (bsc#1068032).\n- arm64: fix smccc compilation (bsc#1068032).\n- arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage (bnc#1012382).\n- arm64: mm: do not write garbage into TTBR1_EL1 register (bsc#1085487).\n- arm64: mm: fix thinko in non-global page table attribute check (bsc#1088050).\n- arp: fix arp_filter on l3slave devices (bnc#1012382).\n- arp: honour gratuitous ARP _replies_ (bnc#1012382).\n- async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() (bnc#1012382).\n- ata: libahci: properly propagate return value of platform_get_irq() (bnc#1012382).\n- ath10k: disallow DFS simulation if DFS channel is not enabled (bnc#1012382).\n- ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382).\n- ath10k: update tdls teardown state to target (bnc#1012382).\n- ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382).\n- ath: Fix updating radar flags for coutry code India (bnc#1012382).\n- audit: add tty field to LOGIN event (bnc#1012382).\n- batman-adv: handle race condition for claims between gateways (bnc#1012382).\n- bcache: do not attach backing with duplicate UUID (bnc#1012382).\n- bcache: segregate flash only volume write streams (bnc#1012382).\n- bcache: stop writeback thread after detaching (bnc#1012382).\n- blk-mq: fix bad clear of RQF_MQ_INFLIGHT in blk_mq_ct_ctx_init() (bsc#1085058).\n- blk-mq: fix kernel oops in blk_mq_tag_idle() (bnc#1012382).\n- blk-throttle: make sure expire time isn't too big (bnc#1012382).\n- blkcg: fix double free of new_blkg in blkcg_init_queue (bnc#1012382).\n- block-mq: stop workqueue items in blk_mq_stop_hw_queue() (bsc#1084967).\n- block: correctly mask out flags in blk_rq_append_bio() (bsc#1085058).\n- block: do not assign cmd_flags in __blk_rq_prep_clone (bsc#1088087).\n- bna: Avoid reading past end of buffer (bnc#1012382).\n- bnx2x: Align RX buffers (bnc#1012382).\n- bnx2x: Allow vfs to disable txvlan offload (bnc#1012382).\n- bonding: Do not update slave->link until ready to commit (bnc#1012382).\n- bonding: fix the err path for dev hwaddr sync in bond_enslave (bnc#1012382).\n- bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (bnc#1012382).\n- bonding: process the err returned by dev_set_allmulti properly in bond_enslave (bnc#1012382).\n- bonding: refine bond_fold_stats() wrap detection (bnc#1012382).\n- bpf, x64: implement retpoline for tail call (bnc#1012382).\n- bpf, x64: increase number of passes (bnc#1012382).\n- bpf: fix incorrect sign extension in check_alu_op() (bnc#1012382).\n- bpf: skip unnecessary capability check (bnc#1012382).\n- braille-console: Fix value returned by _braille_console_setup (bnc#1012382).\n- brcmfmac: fix P2P_DEVICE ethernet address generation (bnc#1012382).\n- bridge: check brport attr show in brport_show (bnc#1012382).\n- btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bnc#1012382).\n- btrfs: Only check first key for committed tree blocks (bsc#1084721).\n- btrfs: Validate child tree block's level and first key (bsc#1084721).\n- btrfs: alloc_chunk: fix DUP stripe size handling (bnc#1012382).\n- btrfs: fix incorrect error return ret being passed to mapping_set_error (bnc#1012382).\n- btrfs: improve delayed refs iterations (bsc#1076033).\n- btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382).\n- bus: brcmstb_gisb: Use register offsets with writes too (bnc#1012382).\n- bus: brcmstb_gisb: correct support for 64-bit address output (bnc#1012382).\n- can: cc770: Fix queue stall and dropped RTR reply (bnc#1012382).\n- can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bnc#1012382).\n- can: cc770: Fix use after free in cc770_tx_interrupt() (bnc#1012382).\n- ceph: only dirty ITER_IOVEC pages for direct read (bsc#1084898).\n- cfg80211: make RATE_INFO_BW_20 the default (bnc#1012382).\n- ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684).\n- clk: Fix __set_clk_rates error print-string (bnc#1012382).\n- clk: bcm2835: Protect sections updating shared registers (bnc#1012382).\n- clk: ns2: Correct SDIO bits (bnc#1012382).\n- clk: qcom: msm8916: fix mnd_width for codec_digcodec (bnc#1012382).\n- clk: scpi: fix return type of __scpi_dvfs_round_rate (bnc#1012382).\n- clk: si5351: Rename internal plls to avoid name collisions (bnc#1012382).\n- coresight: Fix disabling of CoreSight TPIU (bnc#1012382).\n- coresight: Fixes coresight DT parse to get correct output port ID (bnc#1012382).\n- cpufreq/sh: Replace racy task affinity logic (bnc#1012382).\n- cpufreq: Fix governor module removal race (bnc#1012382).\n- cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382).\n- cpuidle: Add new macro to enter a retention idle state (bsc#1084328).\n- cpumask: Add helper cpumask_available() (bnc#1012382).\n- cros_ec: fix nul-termination for firmware build info (bnc#1012382).\n- crypto: ahash - Fix early termination in hash walk (bnc#1012382).\n- crypto: cavium - fix memory leak on info (bsc#1086518).\n- crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bnc#1012382).\n- cx25840: fix unchecked return values (bnc#1012382).\n- cxgb4: FW upgrade fixes (bnc#1012382).\n- cxgb4: Fix queue free path of ULD drivers (bsc#1022743).\n- cxgb4: fix incorrect cim_la output for T6 (bnc#1012382).\n- cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bnc#1012382).\n- dcache: Add cond_resched in shrink_dentry_list (bsc#1086194).\n- dccp: check sk for closed state in dccp_sendmsg() (bnc#1012382).\n- dm ioctl: remove double parentheses (bnc#1012382).\n- dm: Always copy cmd_flags when cloning a request (bsc#1088087).\n- dmaengine: imx-sdma: Handle return value of clk_prepare_enable (bnc#1012382).\n- dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped (bnc#1012382).\n- dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (bnc#1012382).\n- driver: (adm1275) set the m,b and R coefficients correctly for power (bnc#1012382).\n- drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4\n- drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bnc#1024296).\n- drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests (bnc#1012382).\n- drm/amdgpu/dce: Do not turn off DP sink when disconnected (bnc#1012382).\n- drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) (bnc#1012382).\n- drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012382).\n- drm/amdgpu: Notify sbios device ready before send request (bnc#1012382).\n- drm/amdgpu: fix KV harvesting (bnc#1012382).\n- drm/amdkfd: Fix memory leaks in kfd topology (bnc#1012382).\n- drm/edid: set ELD connector type in drm_edid_to_eld() (bnc#1012382).\n- drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717).\n- drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717).\n- drm/msm: fix leak in failed get_pages (bnc#1012382).\n- drm/nouveau/kms: Increase max retries in scanout position queries (bnc#1012382).\n- drm/nouveau: Fix deadlock on runtime suspend (bnc#1012382).\n- drm/omap: DMM: Check for DMM readiness after successful transaction commit (bnc#1012382).\n- drm/omap: fix tiled buffer stride calculations (bnc#1012382).\n- drm/radeon: Do not turn off DP sink when disconnected (bnc#1012382).\n- drm/radeon: Fail fb creation from imported dma-bufs (bnc#1012382).\n- drm/radeon: Fix deadlock on runtime suspend (bnc#1012382).\n- drm/radeon: fix KV harvesting (bnc#1012382).\n- drm/vmwgfx: Fix a destoy-while-held mutex problem (bnc#1012382).\n- drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382).\n- drm: Allow determining if current task is output poll worker (bnc#1012382).\n- drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) (bnc#1012382).\n- drm: qxl: Do not alloc fbdev if emulation is not supported (bnc#1012382).\n- drm: udl: Properly check framebuffer mmap offsets (bnc#1012382).\n- e1000e: Avoid missed interrupts following ICR read (bsc#1075428).\n- e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428).\n- e1000e: Fix check_for_link return value with autoneg off (bsc#1075428).\n- e1000e: Fix link check race condition (bsc#1075428).\n- e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428).\n- e1000e: Remove Other from EIAC (bsc#1075428).\n- e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bnc#1012382).\n- e1000e: fix race condition around skb_tstamp_tx() (bnc#1012382).\n- e1000e: fix timing for 82579 Gigabit Ethernet controller (bnc#1012382).\n- esp: Fix memleaks on error paths (git-fixes).\n- ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (bnc#1012382).\n- ext4: inplace xattr block update fails to deduplicate blocks (bnc#1012382).\n- f2fs: relax node version check for victim data in gc (bnc#1012382).\n- fib_semantics: Do not match route with mismatching tclassid (bnc#1012382).\n- firmware/psci: Expose PSCI conduit (bsc#1068032).\n- firmware/psci: Expose SMCCC version through psci_ops (bsc#1068032).\n- fix race in drivers/char/random.c:get_reg() (bnc#1012382).\n- fixup: sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382).\n- frv: declare jiffies to be located in the .data section (bnc#1012382).\n- fs/aio: Add explicit RCU grace period when freeing kioctx (bnc#1012382).\n- fs/aio: Use RCU accessors for kioctx_table->table[] (bnc#1012382).\n- fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745).\n- fs/proc: Stop trying to report thread stacks (bnc#1012382).\n- fs: Teach path_connected to handle nfs filesystems with multiple roots (bnc#1012382).\n- fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382).\n- genirq: Track whether the trigger type has been set (git-fixes).\n- genirq: Use cpumask_available() for check of cpumask variable (bnc#1012382).\n- genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs (bnc#1012382).\n- gpio: label descriptors using the device name (bnc#1012382).\n- hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382).\n- hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382).\n- hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353).\n- hv_balloon: fix bugs in num_pages_onlined accounting\n- hv_balloon: fix printk loglevel\n- hv_balloon: simplify hv_online_page()/hv_page_online_one()\n- hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes).\n- hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382).\n- i2c: i2c-scmi: add a MS HID (bnc#1012382).\n- i2c: xlp9xx: Check for Bus state before every transfer (bsc#1084310).\n- i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310).\n- i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly (bsc#1060799).\n- i2c: xlp9xx: return ENXIO on slave address NACK (bsc#1060799).\n- i40e: Acquire NVM lock before reads on all devices (bnc#1012382).\n- i40iw: Free IEQ resources (bsc#969476 bsc#969477).\n- ia64: fix module loading for gcc-5.4 (bnc#1012382).\n- ibmvfc: Avoid unnecessary port relogin (bsc#1085404).\n- ibmvnic: Clear pending interrupt after device reset (bsc#1089644).\n- ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198).\n- ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610).\n- ibmvnic: Do not notify peers on parameter change resets (bsc#1089198).\n- ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600).\n- ibmvnic: Fix DMA mapping mistakes (bsc#1088600).\n- ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600).\n- ibmvnic: Fix reset return from closed state (bsc#1084610).\n- ibmvnic: Fix reset scheduler error handling (bsc#1088600).\n- ibmvnic: Handle all login error conditions (bsc#1089198).\n- ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes).\n- ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224).\n- ibmvnic: Update TX pool cleaning routine (bsc#1085224).\n- ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600).\n- ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (bnc#1012382).\n- iio: hi8435: avoid garbage event at first enable (bnc#1012382).\n- iio: hi8435: cleanup reset gpio (bnc#1012382).\n- iio: magnetometer: st_magn_spi: fix spi_device_id table (bnc#1012382).\n- iio: st_pressure: st_accel: Initialise sensor platform data properly (bnc#1012382).\n- iio: st_pressure: st_accel: pass correct platform data to init (git-fixes).\n- ima: relax requiring a file signature for new files with zero length (bnc#1012382).\n- infiniband/uverbs: Fix integer overflows (bnc#1012382).\n- iommu/omap: Register driver before setting IOMMU ops (bnc#1012382).\n- iommu/vt-d: clean up pr_irq if request_threaded_irq fails (bnc#1012382).\n- ip6_gre: better validate user provided tunnel names (bnc#1012382).\n- ip6_tunnel: better validate user provided tunnel names (bnc#1012382).\n- ip6_vti: adjust vti mtu according to mtu of lower device (bnc#1012382).\n- ip_tunnel: better validate user provided tunnel names (bnc#1012382).\n- ipmi/watchdog: fix wdog hang on panic waiting for ipmi response (bnc#1012382).\n- ipmi: Fix the I2C address extraction from SPMI tables (bsc#1060799).\n- ipmi: Use the proper default value for register size in ACPI (bsc#1060799).\n- ipmi: do not probe ACPI devices if si_tryacpi is unset (bsc#1060799).\n- ipmi:ssif: Use i2c_adapter_id instead of adapter->nr (bsc#1060799).\n- ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088871).\n- ipmi_ssif: Fix logic around alert handling (bsc#1060799).\n- ipmi_ssif: remove redundant null check on array client->adapter->name (bsc#1060799).\n- ipmi_ssif: unlock on allocation failure (bsc#1060799).\n- ipsec: check return value of skb_to_sgvec always (bnc#1012382).\n- ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382).\n- ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382).\n- ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (bnc#1012382).\n- ipv6: sit: better validate user provided tunnel names (bnc#1012382).\n- ipv6: the entire IPv6 header chain must fit the first fragment (bnc#1012382).\n- ipvlan: add L2 check for packets arriving via virtual devices (bnc#1012382).\n- irqchip/gic-v3-its: Add ACPI NUMA node mapping (bsc#1085981).\n- irqchip/gic-v3-its: Allow GIC ITS number more than MAX_NUMNODES (bsc#1085981).\n- irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bnc#1012382).\n- irqchip/gic-v3-its: Remove ACPICA version check for ACPI NUMA (bsc#1085981).\n- iw_cxgb4: print mapped ports correctly (bsc#321658 bsc#321660 bsc#321661).\n- jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp (bnc#1012382).\n- kABI: add tty include to audit.c (kabi).\n- kABI: protect jiffies types (kabi).\n- kABI: protect skb_to_sgvec* (kabi).\n- kABI: protect tty include in audit.h (kabi).\n- kGraft: fix small race in reversion code (bsc#1083125).\n- kbuild: Handle builtin dtb file names containing hyphens (bnc#1012382).\n- kbuild: disable clang's default use of -fmerge-all-constants (bnc#1012382).\n- kprobes/x86: Fix kprobe-booster not to boost far call instructions (bnc#1012382).\n- kprobes/x86: Fix to set RWX bits correctly before releasing trampoline (git-fixes).\n- kprobes/x86: Set kprobes pages read-only (bnc#1012382).\n- kvm/x86: fix icebp instruction handling (bnc#1012382).\n- kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1086499).\n- kvm: nVMX: fix nested tsc scaling (bsc1087999).\n- l2tp: do not accept arbitrary sockets (bnc#1012382).\n- l2tp: fix missing print session offset info (bnc#1012382).\n- leds: pca955x: Correct I2C Functionality (bnc#1012382).\n- libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs (bnc#1012382).\n- libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bnc#1012382).\n- libata: Enable queued TRIM for Samsung SSD 860 (bnc#1012382).\n- libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions (bnc#1012382).\n- libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version (bnc#1012382).\n- libata: disable LPM for Crucial BX100 SSD 500GB drive (bnc#1012382).\n- libata: fix length validation of ATAPI-relayed SCSI commands (bnc#1012382).\n- libata: remove WARN() for DMA or PIO command without data (bnc#1012382).\n- llist: clang: introduce member_address_is_nonnull() (bnc#1012382).\n- lock_parent() needs to recheck if dentry got __dentry_kill'ed under it (bnc#1012382).\n- lockd: fix lockd shutdown race (bnc#1012382).\n- lockd: lost rollback of set_grace_period() in lockd_down_net() (git-fixes).\n- loop: Fix lost writes caused by missing flag (bnc#1012382).\n- lpfc: update version to 11.4.0.7-1 (bsc#1085383).\n- mISDN: Fix a sleep-in-atomic bug (bnc#1012382).\n- mac80211: bail out from prep_connection() if a reconfig is ongoing (bnc#1012382).\n- mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717).\n- mac80211: do not parse encrypted management frames in ieee80211_frame_acked (bnc#1012382).\n- mac80211: remove BUG() when interface type is invalid (bnc#1012382).\n- mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED (bnc#1012382).\n- mceusb: sporadic RX truncation corruption fix (bnc#1012382).\n- md raid10: fix NULL deference in handle_write_completed() (git-fixes).\n- md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402).\n- md/raid10: reset the 'first' at the end of loop (bnc#1012382).\n- md/raid10: skip spare disk as 'first' disk (bnc#1012382).\n- md/raid10: wait up frozen array in handle_write_completed (bnc#1012382).\n- md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock (bnc#1012382).\n- md/raid6: Fix anomily when recovering a single device in RAID6 (bnc#1012382).\n- media/dvb-core: Race condition when writing to CAM (bnc#1012382).\n- media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart (bnc#1012382).\n- media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717).\n- media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382).\n- media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt (bnc#1012382).\n- media: cpia2: Fix a couple off by one bugs (bnc#1012382).\n- media: cx25821: prevent out-of-bounds read on array card (bsc#1031717).\n- media: i2c/soc_camera: fix ov6650 sensor getting wrong clock (bnc#1012382).\n- media: m88ds3103: do not call a non-initalized function (bnc#1012382).\n- media: s3c-camif: fix out-of-bounds array access (bsc#1031717).\n- media: videobuf2-core: do not go out of the buffer range (bnc#1012382).\n- mei: remove dev_err message on an unsupported ioctl (bnc#1012382).\n- mfd: palmas: Reset the POWERHOLD mux during power off (bnc#1012382).\n- mlx5: fix bug reading rss_hash_type from CQE (bnc#1012382).\n- mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353).\n- mm/vmalloc: add interfaces to free unmapped page table (bnc#1012382).\n- mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() (bnc#1012382).\n- mmc: avoid removing non-removable hosts during suspend (bnc#1012382).\n- mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems (bsc#1088267).\n- mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs (bnc#1012382).\n- mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a (bnc#1012382).\n- mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382).\n- mt7601u: check return value of alloc_skb (bnc#1012382).\n- mtd: jedec_probe: Fix crash in jedec_read_mfr() (bnc#1012382).\n- mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bnc#1012382).\n- mtd: nand: fsl_ifc: Fix nand waitfunc return value (bnc#1012382).\n- mtip32xx: use runtime tag to initialize command header (bnc#1012382).\n- neighbour: update neigh timestamps iff update is effective (bnc#1012382).\n- net sched actions: fix dumping which requires several messages to user space (bnc#1012382).\n- net/8021q: create device with all possible features in wanted_features (bnc#1012382).\n- net/faraday: Add missing include of of.h (bnc#1012382).\n- net/ipv6: Fix route leaking between VRFs (bnc#1012382).\n- net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382).\n- net/iucv: Free memory obtained by kzalloc (bnc#1012382).\n- net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport (bnc#1012382).\n- net/mlx4: Fix the check in attaching steering rules (bnc#1012382).\n- net/mlx4_core: Fix memory leak while delete slave's resources (bsc#966191 bsc#966186).\n- net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382).\n- net/mlx4_en: Fix mixed PFC and Global pause user control requests (bsc#1015336 bsc#1015337 bsc#1015340).\n- net/mlx5: Fix error handling in load one (bsc#1015342 bsc#1015343).\n- net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 bsc#1015343).\n- net/mlx5: Tolerate irq_set_affinity_hint() failures (bnc#1012382).\n- net/mlx5: avoid build warning for uniprocessor (bnc#1012382).\n- net/mlx5e: Add error print in ETS init (bsc#966170 bsc#966172).\n- net/mlx5e: Check support before TC swap in ETS init (bsc#966170 bsc#966172).\n- net/mlx5e: E-Switch, Use the name of static array instead of its address (bsc#1015342 bsc#1015343).\n- net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342 bsc#1015343).\n- net/sched: fix NULL dereference in the error path of tcf_bpf_init() (bnc#1012382).\n- net: Fix hlist corruptions in inet_evict_bucket() (bnc#1012382).\n- net: Only honor ifindex in IP_PKTINFO if non-0 (bnc#1012382).\n- net: cavium: liquidio: fix up 'Avoid dma_unmap_single on uninitialized ndata' (bnc#1012382).\n- net: cdc_ncm: Fix TX zero padding (bnc#1012382).\n- net: emac: fix reset timeout with AR8035 phy (bnc#1012382).\n- net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (bnc#1012382).\n- net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (bnc#1012382).\n- net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control (bnc#1012382).\n- net: fec: Fix unbalanced PM runtime calls (bnc#1012382).\n- net: fix possible out-of-bound read in skb_network_protocol() (bnc#1012382).\n- net: fix race on decreasing number of TX queues (bnc#1012382).\n- net: fool proof dev_valid_name() (bnc#1012382).\n- net: freescale: fix potential null pointer dereference (bnc#1012382).\n- net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511).\n- net: hns: Fix ethtool private flags (bsc#1085511).\n- net: ieee802154: fix net_device reference release too early (bnc#1012382).\n- net: ipv4: avoid unused variable warning for sysctl (git-fixes).\n- net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382).\n- net: ipv6: send unsolicited NA after DAD (git-fixes).\n- net: ipv6: send unsolicited NA on admin up (bnc#1012382).\n- net: llc: add lock_sock in llc_ui_bind to avoid a race condition (bnc#1012382).\n- net: move somaxconn init from sysctl code (bnc#1012382).\n- net: mpls: Pull common label check into helper (bnc#1012382).\n- net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support (bnc#1012382).\n- net: qca_spi: Fix alignment issues in rx path (bnc#1012382).\n- net: systemport: Rewrite __bcm_sysport_tx_reclaim() (bnc#1012382).\n- net: x25: fix one potential use-after-free issue (bnc#1012382).\n- net: xfrm: allow clearing socket xfrm policies (bnc#1012382).\n- net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (bnc#1012382).\n- netfilter: IDLETIMER: be syzkaller friendly (bnc#1012382).\n- netfilter: add back stackpointer size checks (bnc#1012382).\n- netfilter: bridge: ebt_among: add missing match size checks (bnc#1012382).\n- netfilter: bridge: ebt_among: add more missing match size checks (bnc#1012382).\n- netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch (bnc#1012382).\n- netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize (bnc#1012382).\n- netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (bnc#1012382).\n- netfilter: nat: cope with negative port range (bnc#1012382).\n- netfilter: nf_nat_h323: fix logical-not-parentheses warning (bnc#1012382).\n- netfilter: use skb_to_full_sk in ip_route_me_harder (bnc#1012382).\n- netfilter: x_tables: add and use xt_check_proc_name (bnc#1012382).\n- netfilter: x_tables: fix missing timer initialization in xt_LED (bnc#1012382).\n- netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382).\n- netlink: avoid a double skb free in genlmsg_mcast() (bnc#1012382).\n- netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382).\n- netlink: make sure nladdr has correct size in netlink_connect() (bnc#1012382).\n- nfsd4: permit layoutget of executable-only files (bnc#1012382).\n- nospec: Allow index argument to have const-qualified type (bnc#1012382).\n- nospec: Include asm/barrier.h dependency (bnc#1012382).\n- nospec: Kill array_index_nospec_mask_check() (bnc#1012382).\n- nospec: Move array_index_nospec() parameter checking into separate macro (bnc#1012382).\n- nvme/rdma: do no start error recovery twice (bsc#1084967).\n- nvme: do not send keep-alive frames during reset (bsc#1084223).\n- nvme: do not send keep-alives to the discovery controller (bsc#1086607).\n- nvme: expand nvmf_check_if_ready checks (bsc#1085058).\n- nvmet_fc: prevent new io rqsts in possible isr completions (bsc#1083574).\n- of: fix of_device_get_modalias returned length when truncating buffers (bnc#1012382).\n- openvswitch: Delete conntrack entry clashing with an expectation (bnc#1012382).\n- ovl: filter trusted xattr for non-admin (bnc#1012382).\n- pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() (bnc#1012382).\n- parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bnc#1012382).\n- partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382).\n- perf header: Set proper module name when build-id event found (bnc#1012382).\n- perf inject: Copy events when reordering events in pipe mode (bnc#1012382).\n- perf probe: Add warning message if there is unexpected event name (bnc#1012382).\n- perf probe: Return errno when not hitting any event (bnc#1012382).\n- perf report: Ensure the perf DSO mapping matches what libdw sees (bnc#1012382).\n- perf session: Do not rely on evlist in pipe mode (bnc#1012382).\n- perf sort: Fix segfault with basic block 'cycles' sort dimension (bnc#1012382).\n- perf tests kmod-path: Do not fail if compressed modules are not supported (bnc#1012382).\n- perf tests: Decompress kernel module before objdump (bnc#1012382).\n- perf tools: Fix copyfile_offset update of output offset (bnc#1012382).\n- perf tools: Make perf_event__synthesize_mmap_events() scale (bnc#1012382).\n- perf trace: Add mmap alias for s390 (bnc#1012382).\n- perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1012382).\n- perf/core: Fix locking for children siblings group read (git-fixes).\n- perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382).\n- perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers (bsc#1086357).\n- perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bnc#1012382).\n- pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() (bnc#1012382).\n- pinctrl: Really force states during suspend/resume (bnc#1012382).\n- platform/chrome: Use proper protocol transfer function (bnc#1012382).\n- platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (bnc#1012382).\n- power: supply: pda_power: move from timer to delayed_work (bnc#1012382).\n- powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting TCR[DIE] (bnc#1012382).\n- powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242).\n- powerpc/spufs: Fix coredump of SPU contexts (bnc#1012382).\n- powerpc: Do not send system reset request through the oops path (bsc#1088242).\n- powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242).\n- ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382).\n- pptp: remove a buggy dst release in pptp_connect() (bnc#1012382).\n- pty: cancel pty slave port buf's work in tty_release (bnc#1012382).\n- pwm: tegra: Increase precision in PWM rate calculation (bnc#1012382).\n- qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695 bsc#1019699 bsc#1022604).\n- qed: Use after free in qed_rdma_free() (bsc#1019695 bsc#1019699 bsc#1022604).\n- qeth: repair SBAL elements calculation (bnc#1085507, LTC#165484).\n- qlcnic: fix unchecked return value (bnc#1012382).\n- qlge: Avoid reading past end of buffer (bnc#1012382).\n- r8169: fix setting driver_data after register_netdev (bnc#1012382).\n- random: use lockless method of accessing and updating f->eg_idx (bnc#1012382).\n- ray_cs: Avoid reading past end of buffer (bnc#1012382).\n- rcutorture/configinit: Fix build directory error message (bnc#1012382).\n- rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (bnc#1012382).\n- regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717).\n- regmap: Do not use format_val in regmap_bulk_read (bsc#1031717).\n- regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717).\n- regmap: Format data for raw write in regmap_bulk_write (bsc#1031717).\n- regulator: anatop: set default voltage selector for pcie (bnc#1012382).\n- reiserfs: Make cancel_old_flush() reliable (bnc#1012382).\n- rndis_wlan: add return value validation (bnc#1012382).\n- rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs (bnc#1012382).\n- rtc: interface: Validate alarm-time before handling rollover (bnc#1012382).\n- rtc: opal: Handle disabled TPO in opal_get_tpo_time() (bnc#1012382).\n- rtc: snvs: fix an incorrect check of return value (bnc#1012382).\n- rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382).\n- rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled (bnc#1012382).\n- rxrpc: check return value of skb_to_sgvec always (bnc#1012382).\n- s390/dasd: fix hanging safe offline (bnc#1012382).\n- s390/mm: fix local TLB flushing vs. detach of an mm address space (bnc#1088324, LTC#166470).\n- s390/mm: fix race on mm->context.flush_mm (bnc#1088324, LTC#166470).\n- s390/mm: no local TLB flush for clearing-by-ASCE IDTE (bnc#1088324, LTC#166470).\n- s390/qeth: apply takeover changes when mode is toggled (bnc#1085507, LTC#165490).\n- s390/qeth: do not apply takeover changes to RXIP (bnc#1085507, LTC#165490).\n- s390/qeth: fix IP address lookup for L3 devices (bnc#1085507, LTC#165491).\n- s390/qeth: fix IP removal on offline cards (bnc#1085507, LTC#165491).\n- s390/qeth: fix IPA command submission race (bnc#1012382).\n- s390/qeth: fix SETIP command handling (bnc#1012382).\n- s390/qeth: fix double-free on IP add/remove race (bnc#1085507, LTC#165491).\n- s390/qeth: free netdevice when removing a card (bnc#1012382).\n- s390/qeth: improve error reporting on IP add/removal (bnc#1085507, LTC#165491).\n- s390/qeth: lock IP table while applying takeover changes (bnc#1085507, LTC#165490).\n- s390/qeth: lock read device while queueing next buffer (bnc#1012382).\n- s390/qeth: on channel error, reject further cmd requests (bnc#1012382).\n- s390/qeth: update takeover IPs after configuration change (bnc#1085507, LTC#165490).\n- s390/qeth: when thread completes, wake up all waiters (bnc#1012382).\n- s390: move _text symbol to address higher than zero (bnc#1012382).\n- sched/numa: Use down_read_trylock() for the mmap_sem (bnc#1012382).\n- sched: Stop resched_cpu() from sending IPIs to offline CPUs (bnc#1012382).\n- sched: Stop switched_to_rt() from sending IPIs to offline CPUs (bnc#1012382).\n- sched: act_csum: do not mangle TCP and UDP GSO packets (bnc#1012382).\n- scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() (bnc#1012382).\n- scsi: core: scsi_get_device_flags_keyed(): Always return device flags (bnc#1012382).\n- scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1012382).\n- scsi: dh: add new rdac devices (bnc#1012382).\n- scsi: libiscsi: Allow sd_shutdown on bad transport (bnc#1012382).\n- scsi: libsas: initialize sas_phy status according to response of DISCOVER (bnc#1012382).\n- scsi: lpfc: Add missing unlock in WQ full logic (bsc#1085383).\n- scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088865).\n- scsi: lpfc: Code cleanup for 128byte wqe data type (bsc#1085383).\n- scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088865).\n- scsi: lpfc: Correct target queue depth application changes (bsc#1088865).\n- scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088865).\n- scsi: lpfc: Fix Abort request WQ selection (bsc#1088865).\n- scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088865).\n- scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088865).\n- scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383).\n- scsi: lpfc: Fix SCSI lun discovery when port configured for both SCSI and NVME (bsc#1085383).\n- scsi: lpfc: Fix WQ/CQ creation for older asic's (bsc#1088865).\n- scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088865).\n- scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088865).\n- scsi: lpfc: Fix mailbox wait for POST_SGL mbox command (bsc#1085383).\n- scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088865).\n- scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088865).\n- scsi: lpfc: Memory allocation error during driver start-up on power8 (bsc#1085383).\n- scsi: lpfc: update driver version to 11.4.0.7-2 (bsc#1088865).\n- scsi: mac_esp: Replace bogus memory barrier with spinlock (bnc#1012382).\n- scsi: mpt3sas: Proper handling of set/clear of 'ATA command pending' flag (bnc#1012382).\n- scsi: sg: check for valid direction before starting the request (bnc#1012382).\n- scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382).\n- scsi: sg: fix static checker warning in sg_is_valid_dxfer (bnc#1012382).\n- scsi: sg: only check for dxfer_len greater than 256M (bnc#1012382 bsc#1064206).\n- scsi: virtio_scsi: Always try to read VPD pages (bnc#1012382).\n- scsi: virtio_scsi: always read VPD pages for multiqueue too (git-fixes).\n- sctp: do not leak kernel memory to user space (bnc#1012382).\n- sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382).\n- sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382).\n- sctp: fix recursive locking warning in sctp_do_peeloff (bnc#1012382).\n- sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 (bnc#1012382).\n- sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382).\n- selftests/powerpc: Fix TM resched DSCR test with some compilers (bnc#1012382).\n- selftests/x86/entry_from_vm86: Add test cases for POPF (bnc#1012382).\n- selftests/x86/entry_from_vm86: Exit with 1 if we fail (bnc#1012382).\n- selftests/x86: Add tests for User-Mode Instruction Prevention (bnc#1012382).\n- selftests/x86: Add tests for the STR and SLDT instructions (bnc#1012382).\n- selinux: Remove redundant check for unknown labeling behavior (bnc#1012382).\n- selinux: Remove unnecessary check of array base in selinux_set_mapping() (bnc#1012382).\n- selinux: check for address length in selinux_socket_bind() (bnc#1012382).\n- selinux: do not check open permission on sockets (bnc#1012382).\n- serial: 8250: omap: Disable DMA for console UART (bnc#1012382).\n- serial: 8250_pci: Add Brainboxes UC-260 4 port serial device (bnc#1012382).\n- serial: sh-sci: Fix race condition causing garbage during shutdown (bnc#1012382).\n- serial: sh-sci: prevent lockup on full TTY buffers (bnc#1012382).\n- sh_eth: Use platform device for printing before register_netdev() (bnc#1012382).\n- sit: reload iphdr in ipip6_rcv (bnc#1012382).\n- skbuff: Fix not waking applications when errors are enqueued (bnc#1012382).\n- skbuff: only inherit relevant tx_flags (bnc#1012382).\n- skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow (bnc#1012382).\n- sky2: Increase D3 delay to sky2 stops working after suspend (bnc#1012382).\n- sm501fb: do not return zero on failure path in sm501fb_start() (bnc#1012382).\n- solo6x10: release vb2 buffers in solo_stop_streaming() (bnc#1012382).\n- sparc64: ldc abort during vds iso boot (bnc#1012382).\n- spi: davinci: fix up dma_mapping_error() incorrect patch (bnc#1012382).\n- spi: dw: Disable clock after unregistering the host (bnc#1012382).\n- spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer (bnc#1012382).\n- spi: sun6i: disable/unprepare clocks on remove (bnc#1012382).\n- staging: android: ashmem: Fix lockdep issue during llseek (bnc#1012382).\n- staging: android: ashmem: Fix possible deadlock in ashmem_ioctl (bnc#1012382).\n- staging: comedi: fix comedi_nsamples_left (bnc#1012382).\n- staging: comedi: ni_mio_common: ack ai fifo error interrupts (bnc#1012382).\n- staging: lustre: ptlrpc: kfree used instead of kvfree (bnc#1012382).\n- staging: ncpfs: memory corruption in ncp_read_kernel() (bnc#1012382).\n- staging: speakup: Replace BUG_ON() with WARN_ON() (bnc#1012382).\n- staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y (bnc#1012382).\n- staging: wilc1000: add check for kmalloc allocation failure (bnc#1012382).\n- staging: wilc1000: fix unchecked return value (bnc#1012382).\n- staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning (bnc#1012382).\n- sysrq: Reset the watchdog timers while displaying high-resolution timers (bnc#1012382).\n- tags: honor COMPILED_SOURCE with apart output directory (bnc#1012382).\n- target: prefer dbroot of /etc/target over /var/target (bsc#1087274).\n- tcm_fileio: Prevent information leak for short reads (bnc#1012382).\n- tcp: better validation of received ack sequences (bnc#1012382).\n- tcp: remove poll() flakes with FastOpen (bnc#1012382).\n- tcp: sysctl: Fix a race to avoid unexpected 0 window from space (bnc#1012382).\n- team: Fix double free in error path (bnc#1012382).\n- test_firmware: fix setting old custom fw path back on exit (bnc#1012382).\n- thermal: power_allocator: fix one race condition issue for thermal_instances list (bnc#1012382).\n- time: Change posix clocks ops interfaces to use timespec64 (bnc#1012382).\n- timers, sched_clock: Update timeout for clock wrap (bnc#1012382).\n- tools/usbip: fixes build with musl libc toolchain (bnc#1012382).\n- tpm/tpm_crb: Use start method value from ACPI table directly (bsc#1084452).\n- tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382).\n- tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382).\n- tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382).\n- tracing: probeevent: Fix to support minus offset from symbol (bnc#1012382).\n- tty/serial: atmel: add new version check for usart (bnc#1012382).\n- tty: n_gsm: Allow ADM response in addition to UA for control dlci (bnc#1012382).\n- tty: provide tty_name() even without CONFIG_TTY (bnc#1012382).\n- tty: vt: fix up tabstops properly (bnc#1012382).\n- uas: fix comparison for error code (bnc#1012382).\n- ubi: Fix race condition between ubi volume creation and udev (bnc#1012382).\n- udplite: fix partial checksum initialization (bnc#1012382).\n- usb: Do not print a warning if interface driver rebind is deferred at resume (bsc#1087211).\n- usb: chipidea: properly handle host or gadget initialization failure (bnc#1012382).\n- usb: dwc2: Improve gadget state disconnection handling (bnc#1012382).\n- usb: dwc2: Make sure we disconnect the gadget state (bnc#1012382).\n- usb: dwc3: keystone: check return value (bnc#1012382).\n- usb: gadget: align buffer size when allocating for OUT endpoint (bnc#1012382).\n- usb: gadget: bdc: 64-bit pointer capability check (bnc#1012382).\n- usb: gadget: change len to size_t on alloc_ep_req() (bnc#1012382).\n- usb: gadget: define free_ep_req as universal function (bnc#1012382).\n- usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() (bnc#1012382).\n- usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bnc#1012382).\n- usb: gadget: f_hid: fix: Prevent accessing released memory (bnc#1012382).\n- usb: gadget: fix request length error for isoc transfer (git-fixes).\n- usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align (bnc#1012382).\n- usb: quirks: add control message delay for 1b1c:1b20 (bnc#1012382).\n- usb: usbmon: Read text within supplied buffer size (bnc#1012382).\n- veth: set peer GSO values (bnc#1012382).\n- vfb: fix video mode and line_length being set when loaded (bnc#1012382).\n- vgacon: Set VGA struct resource types (bnc#1012382).\n- vhost: correctly remove wait queue during poll failure (bnc#1012382).\n- video/hdmi: Allow 'empty' HDMI infoframes (bnc#1012382).\n- video: ARM CLCD: fix dma allocation size (bnc#1012382).\n- video: fbdev: udlfb: Fix buffer on stack (bnc#1012382).\n- virtio_net: check return value of skb_to_sgvec always (bnc#1012382).\n- virtio_net: check return value of skb_to_sgvec in one more location (bnc#1012382).\n- vlan: also check phy_driver ts_info for vlan's real device (bnc#1012382).\n- vmxnet3: ensure that adapter is in proper state during force_close (bnc#1012382).\n- vrf: Fix use after free and double free in vrf_finish_output (bnc#1012382).\n- vt: change SGR 21 to follow the standards (bnc#1012382).\n- vti6: better validate user provided tunnel names (bnc#1012382).\n- vxlan: dont migrate permanent fdb entries during learn (bnc#1012382).\n- vxlan: vxlan dev should inherit lowerdev's gso_max_size (bnc#1012382).\n- wan: pc300too: abort path on failure (bnc#1012382).\n- watchdog: hpwdt: Check source of NMI (bnc#1012382).\n- watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).\n- watchdog: hpwdt: SMBIOS check (bnc#1012382).\n- watchdog: hpwdt: fix unused variable warning (bnc#1012382).\n- watchdog: sbsa: use 32-bit read for WCV (bsc#1085679).\n- wil6210: fix memory access violation in wil_memcpy_from/toio_32 (bnc#1012382).\n- wl1251: check return from call to wl1251_acx_arp_ip_filter (bnc#1012382).\n- workqueue: Allow retrieval of current task's work struct (bnc#1012382).\n- writeback: fix the wrong congested state variable definition (bnc#1012382).\n- x86/MCE: Serialize sysfs changes (bnc#1012382).\n- x86/apic/vector: Handle legacy irq data correctly (bnc#1012382).\n- x86/asm: Do not use RBP as a temporary register in csum_partial_copy_generic() (bnc#1012382).\n- x86/boot/64: Verify alignment of the LOAD segment (bnc#1012382).\n- x86/build/64: Force the linker to use 2MB page size (bnc#1012382).\n- x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).\n- x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836).\n- x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836).\n- x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560).\n- x86/kaiser: enforce trampoline stack alignment (bsc#1087260).\n- x86/mm: Fix vmalloc_fault to use pXd_large (bnc#1012382).\n- x86/mm: implement free pmd/pte page interfaces (bnc#1012382).\n- x86/module: Detect and skip invalid relocations (bnc#1012382).\n- x86/platform/uv: Skip UV runtime services mapping in the efi_runtime_disabled case (bsc#1089925).\n- x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845).\n- x86/tsc: Provide 'tsc=unstable' boot parameter (bnc#1012382).\n- x86/vm86/32: Fix POPF emulation (bnc#1012382).\n- x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382).\n- x86: i8259: export legacy_pic symbol (bnc#1012382).\n- xen-blkfront: fix mq start/stop race (bsc#1085042).\n- xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610).\n- xen: avoid type warning in xchg_xen_ulong (bnc#1012382).\n- xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (bnc#1012382).\n- xfrm: fix state migration copy replay sequence numbers (bnc#1012382).\n- xfrm_user: uncoditionally validate esn replay attribute struct (bnc#1012382).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-RT-12-SP3-2018-842","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1217-1.json"},{"category":"self","summary":"URL for SUSE-SU-2018:1217-1","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181217-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2018:1217-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2018-May/003996.html"},{"category":"self","summary":"SUSE Bug 1005778","url":"https://bugzilla.suse.com/1005778"},{"category":"self","summary":"SUSE Bug 1005780","url":"https://bugzilla.suse.com/1005780"},{"category":"self","summary":"SUSE Bug 1005781","url":"https://bugzilla.suse.com/1005781"},{"category":"self","summary":"SUSE Bug 1012382","url":"https://bugzilla.suse.com/1012382"},{"category":"self","summary":"SUSE Bug 1015336","url":"https://bugzilla.suse.com/1015336"},{"category":"self","summary":"SUSE Bug 1015337","url":"https://bugzilla.suse.com/1015337"},{"category":"self","summary":"SUSE Bug 1015340","url":"https://bugzilla.suse.com/1015340"},{"category":"self","summary":"SUSE Bug 1015342","url":"https://bugzilla.suse.com/1015342"},{"category":"self","summary":"SUSE Bug 1015343","url":"https://bugzilla.suse.com/1015343"},{"category":"self","summary":"SUSE Bug 1019695","url":"https://bugzilla.suse.com/1019695"},{"category":"self","summary":"SUSE Bug 1019699","url":"https://bugzilla.suse.com/1019699"},{"category":"self","summary":"SUSE Bug 1022604","url":"https://bugzilla.suse.com/1022604"},{"category":"self","summary":"SUSE Bug 1022743","url":"https://bugzilla.suse.com/1022743"},{"category":"self","summary":"SUSE Bug 1024296","url":"https://bugzilla.suse.com/1024296"},{"category":"self","summary":"SUSE Bug 1031717","url":"https://bugzilla.suse.com/1031717"},{"category":"self","summary":"SUSE Bug 1046610","url":"https://bugzilla.suse.com/1046610"},{"category":"self","summary":"SUSE Bug 1060799","url":"https://bugzilla.suse.com/1060799"},{"category":"self","summary":"SUSE Bug 1064206","url":"https://bugzilla.suse.com/1064206"},{"category":"self","summary":"SUSE Bug 1068032","url":"https://bugzilla.suse.com/1068032"},{"category":"self","summary":"SUSE Bug 1073059","url":"https://bugzilla.suse.com/1073059"},{"category":"self","summary":"SUSE Bug 1073069","url":"https://bugzilla.suse.com/1073069"},{"category":"self","summary":"SUSE Bug 1075091","url":"https://bugzilla.suse.com/1075091"},{"category":"self","summary":"SUSE Bug 1075428","url":"https://bugzilla.suse.com/1075428"},{"category":"self","summary":"SUSE Bug 1075994","url":"https://bugzilla.suse.com/1075994"},{"category":"self","summary":"SUSE Bug 1076033","url":"https://bugzilla.suse.com/1076033"},{"category":"self","summary":"SUSE Bug 1077560","url":"https://bugzilla.suse.com/1077560"},{"category":"self","summary":"SUSE Bug 1083125","url":"https://bugzilla.suse.com/1083125"},{"category":"self","summary":"SUSE Bug 1083574","url":"https://bugzilla.suse.com/1083574"},{"category":"self","summary":"SUSE Bug 1083745","url":"https://bugzilla.suse.com/1083745"},{"category":"self","summary":"SUSE Bug 1083836","url":"https://bugzilla.suse.com/1083836"},{"category":"self","summary":"SUSE Bug 1084223","url":"https://bugzilla.suse.com/1084223"},{"category":"self","summary":"SUSE Bug 1084310","url":"https://bugzilla.suse.com/1084310"},{"category":"self","summary":"SUSE Bug 1084328","url":"https://bugzilla.suse.com/1084328"},{"category":"self","summary":"SUSE Bug 1084353","url":"https://bugzilla.suse.com/1084353"},{"category":"self","summary":"SUSE Bug 1084452","url":"https://bugzilla.suse.com/1084452"},{"category":"self","summary":"SUSE Bug 1084610","url":"https://bugzilla.suse.com/1084610"},{"category":"self","summary":"SUSE Bug 1084699","url":"https://bugzilla.suse.com/1084699"},{"category":"self","summary":"SUSE Bug 1084721","url":"https://bugzilla.suse.com/1084721"},{"category":"self","summary":"SUSE Bug 1084829","url":"https://bugzilla.suse.com/1084829"},{"category":"self","summary":"SUSE Bug 1084889","url":"https://bugzilla.suse.com/1084889"},{"category":"self","summary":"SUSE Bug 1084898","url":"https://bugzilla.suse.com/1084898"},{"category":"self","summary":"SUSE Bug 1084914","url":"https://bugzilla.suse.com/1084914"},{"category":"self","summary":"SUSE Bug 1084918","url":"https://bugzilla.suse.com/1084918"},{"category":"self","summary":"SUSE Bug 1084967","url":"https://bugzilla.suse.com/1084967"},{"category":"self","summary":"SUSE Bug 1085042","url":"https://bugzilla.suse.com/1085042"},{"category":"self","summary":"SUSE Bug 1085058","url":"https://bugzilla.suse.com/1085058"},{"category":"self","summary":"SUSE Bug 1085185","url":"https://bugzilla.suse.com/1085185"},{"category":"self","summary":"SUSE Bug 1085224","url":"https://bugzilla.suse.com/1085224"},{"category":"self","summary":"SUSE Bug 1085383","url":"https://bugzilla.suse.com/1085383"},{"category":"self","summary":"SUSE Bug 1085402","url":"https://bugzilla.suse.com/1085402"},{"category":"self","summary":"SUSE Bug 1085404","url":"https://bugzilla.suse.com/1085404"},{"category":"self","summary":"SUSE Bug 1085487","url":"https://bugzilla.suse.com/1085487"},{"category":"self","summary":"SUSE Bug 1085507","url":"https://bugzilla.suse.com/1085507"},{"category":"self","summary":"SUSE Bug 1085511","url":"https://bugzilla.suse.com/1085511"},{"category":"self","summary":"SUSE Bug 1085679","url":"https://bugzilla.suse.com/1085679"},{"category":"self","summary":"SUSE Bug 1085958","url":"https://bugzilla.suse.com/1085958"},{"category":"self","summary":"SUSE Bug 1085981","url":"https://bugzilla.suse.com/1085981"},{"category":"self","summary":"SUSE Bug 1086015","url":"https://bugzilla.suse.com/1086015"},{"category":"self","summary":"SUSE Bug 1086162","url":"https://bugzilla.suse.com/1086162"},{"category":"self","summary":"SUSE Bug 1086194","url":"https://bugzilla.suse.com/1086194"},{"category":"self","summary":"SUSE Bug 1086357","url":"https://bugzilla.suse.com/1086357"},{"category":"self","summary":"SUSE Bug 1086499","url":"https://bugzilla.suse.com/1086499"},{"category":"self","summary":"SUSE Bug 1086518","url":"https://bugzilla.suse.com/1086518"},{"category":"self","summary":"SUSE Bug 1086607","url":"https://bugzilla.suse.com/1086607"},{"category":"self","summary":"SUSE Bug 1087088","url":"https://bugzilla.suse.com/1087088"},{"category":"self","summary":"SUSE Bug 1087211","url":"https://bugzilla.suse.com/1087211"},{"category":"self","summary":"SUSE Bug 1087231","url":"https://bugzilla.suse.com/1087231"},{"category":"self","summary":"SUSE Bug 1087260","url":"https://bugzilla.suse.com/1087260"},{"category":"self","summary":"SUSE Bug 1087274","url":"https://bugzilla.suse.com/1087274"},{"category":"self","summary":"SUSE Bug 1087659","url":"https://bugzilla.suse.com/1087659"},{"category":"self","summary":"SUSE Bug 1087845","url":"https://bugzilla.suse.com/1087845"},{"category":"self","summary":"SUSE Bug 1087906","url":"https://bugzilla.suse.com/1087906"},{"category":"self","summary":"SUSE Bug 1087999","url":"https://bugzilla.suse.com/1087999"},{"category":"self","summary":"SUSE Bug 1088050","url":"https://bugzilla.suse.com/1088050"},{"category":"self","summary":"SUSE Bug 1088087","url":"https://bugzilla.suse.com/1088087"},{"category":"self","summary":"SUSE Bug 1088242","url":"https://bugzilla.suse.com/1088242"},{"category":"self","summary":"SUSE Bug 1088267","url":"https://bugzilla.suse.com/1088267"},{"category":"self","summary":"SUSE Bug 1088313","url":"https://bugzilla.suse.com/1088313"},{"category":"self","summary":"SUSE Bug 1088324","url":"https://bugzilla.suse.com/1088324"},{"category":"self","summary":"SUSE Bug 1088600","url":"https://bugzilla.suse.com/1088600"},{"category":"self","summary":"SUSE Bug 1088684","url":"https://bugzilla.suse.com/1088684"},{"category":"self","summary":"SUSE Bug 1088865","url":"https://bugzilla.suse.com/1088865"},{"category":"self","summary":"SUSE Bug 1088871","url":"https://bugzilla.suse.com/1088871"},{"category":"self","summary":"SUSE Bug 1089198","url":"https://bugzilla.suse.com/1089198"},{"category":"self","summary":"SUSE Bug 1089608","url":"https://bugzilla.suse.com/1089608"},{"category":"self","summary":"SUSE Bug 1089644","url":"https://bugzilla.suse.com/1089644"},{"category":"self","summary":"SUSE Bug 1089752","url":"https://bugzilla.suse.com/1089752"},{"category":"self","summary":"SUSE Bug 1089925","url":"https://bugzilla.suse.com/1089925"},{"category":"self","summary":"SUSE Bug 802154","url":"https://bugzilla.suse.com/802154"},{"category":"self","summary":"SUSE Bug 810912","url":"https://bugzilla.suse.com/810912"},{"category":"self","summary":"SUSE Bug 812592","url":"https://bugzilla.suse.com/812592"},{"category":"self","summary":"SUSE Bug 813453","url":"https://bugzilla.suse.com/813453"},{"category":"self","summary":"SUSE Bug 880131","url":"https://bugzilla.suse.com/880131"},{"category":"self","summary":"SUSE Bug 966170","url":"https://bugzilla.suse.com/966170"},{"category":"self","summary":"SUSE Bug 966172","url":"https://bugzilla.suse.com/966172"},{"category":"self","summary":"SUSE Bug 966186","url":"https://bugzilla.suse.com/966186"},{"category":"self","summary":"SUSE Bug 966191","url":"https://bugzilla.suse.com/966191"},{"category":"self","summary":"SUSE Bug 969476","url":"https://bugzilla.suse.com/969476"},{"category":"self","summary":"SUSE Bug 969477","url":"https://bugzilla.suse.com/969477"},{"category":"self","summary":"SUSE Bug 981348","url":"https://bugzilla.suse.com/981348"},{"category":"self","summary":"SUSE CVE CVE-2017-18257 page","url":"https://www.suse.com/security/cve/CVE-2017-18257/"},{"category":"self","summary":"SUSE CVE CVE-2018-10087 page","url":"https://www.suse.com/security/cve/CVE-2018-10087/"},{"category":"self","summary":"SUSE CVE CVE-2018-10124 page","url":"https://www.suse.com/security/cve/CVE-2018-10124/"},{"category":"self","summary":"SUSE CVE CVE-2018-1091 page","url":"https://www.suse.com/security/cve/CVE-2018-1091/"},{"category":"self","summary":"SUSE CVE CVE-2018-7740 page","url":"https://www.suse.com/security/cve/CVE-2018-7740/"},{"category":"self","summary":"SUSE CVE CVE-2018-8043 page","url":"https://www.suse.com/security/cve/CVE-2018-8043/"},{"category":"self","summary":"SUSE CVE CVE-2018-8822 page","url":"https://www.suse.com/security/cve/CVE-2018-8822/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2018-05-11T11:30:49Z","generator":{"date":"2018-05-11T11:30:49Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2018:1217-1","initial_release_date":"2018-05-11T11:30:49Z","revision_history":[{"date":"2018-05-11T11:30:49Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-devel-rt-4.4.128-3.11.1.noarch","product":{"name":"kernel-devel-rt-4.4.128-3.11.1.noarch","product_id":"kernel-devel-rt-4.4.128-3.11.1.noarch"}},{"category":"product_version","name":"kernel-source-rt-4.4.128-3.11.1.noarch","product":{"name":"kernel-source-rt-4.4.128-3.11.1.noarch","product_id":"kernel-source-rt-4.4.128-3.11.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","product":{"name":"cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","product_id":"cluster-md-kmp-rt-4.4.128-3.11.1.x86_64"}},{"category":"product_version","name":"dlm-kmp-rt-4.4.128-3.11.1.x86_64","product":{"name":"dlm-kmp-rt-4.4.128-3.11.1.x86_64","product_id":"dlm-kmp-rt-4.4.128-3.11.1.x86_64"}},{"category":"product_version","name":"gfs2-kmp-rt-4.4.128-3.11.1.x86_64","product":{"name":"gfs2-kmp-rt-4.4.128-3.11.1.x86_64","product_id":"gfs2-kmp-rt-4.4.128-3.11.1.x86_64"}},{"category":"product_version","name":"kernel-rt-4.4.128-3.11.1.x86_64","product":{"name":"kernel-rt-4.4.128-3.11.1.x86_64","product_id":"kernel-rt-4.4.128-3.11.1.x86_64"}},{"category":"product_version","name":"kernel-rt-base-4.4.128-3.11.1.x86_64","product":{"name":"kernel-rt-base-4.4.128-3.11.1.x86_64","product_id":"kernel-rt-base-4.4.128-3.11.1.x86_64"}},{"category":"product_version","name":"kernel-rt-devel-4.4.128-3.11.1.x86_64","product":{"name":"kernel-rt-devel-4.4.128-3.11.1.x86_64","product_id":"kernel-rt-devel-4.4.128-3.11.1.x86_64"}},{"category":"product_version","name":"kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","product":{"name":"kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","product_id":"kernel-rt_debug-devel-4.4.128-3.11.1.x86_64"}},{"category":"product_version","name":"kernel-syms-rt-4.4.128-3.11.1.x86_64","product":{"name":"kernel-syms-rt-4.4.128-3.11.1.x86_64","product_id":"kernel-syms-rt-4.4.128-3.11.1.x86_64"}},{"category":"product_version","name":"ocfs2-kmp-rt-4.4.128-3.11.1.x86_64","product":{"name":"ocfs2-kmp-rt-4.4.128-3.11.1.x86_64","product_id":"ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Real Time 12 SP3","product":{"name":"SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-linux-enterprise-rt:12:sp3"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cluster-md-kmp-rt-4.4.128-3.11.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64"},"product_reference":"cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"dlm-kmp-rt-4.4.128-3.11.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64"},"product_reference":"dlm-kmp-rt-4.4.128-3.11.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"gfs2-kmp-rt-4.4.128-3.11.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64"},"product_reference":"gfs2-kmp-rt-4.4.128-3.11.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-devel-rt-4.4.128-3.11.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch"},"product_reference":"kernel-devel-rt-4.4.128-3.11.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-4.4.128-3.11.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64"},"product_reference":"kernel-rt-4.4.128-3.11.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-base-4.4.128-3.11.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64"},"product_reference":"kernel-rt-base-4.4.128-3.11.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-devel-4.4.128-3.11.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64"},"product_reference":"kernel-rt-devel-4.4.128-3.11.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_debug-devel-4.4.128-3.11.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64"},"product_reference":"kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-rt-4.4.128-3.11.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch"},"product_reference":"kernel-source-rt-4.4.128-3.11.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-rt-4.4.128-3.11.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64"},"product_reference":"kernel-syms-rt-4.4.128-3.11.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"ocfs2-kmp-rt-4.4.128-3.11.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3","product_id":"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"},"product_reference":"ocfs2-kmp-rt-4.4.128-3.11.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 12 SP3"}]},"vulnerabilities":[{"cve":"CVE-2017-18257","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-18257"}],"notes":[{"category":"general","text":"The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-18257","url":"https://www.suse.com/security/cve/CVE-2017-18257"},{"category":"external","summary":"SUSE Bug 1088241 for CVE-2017-18257","url":"https://bugzilla.suse.com/1088241"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-05-11T11:30:49Z","details":"moderate"}],"title":"CVE-2017-18257"},{"cve":"CVE-2018-10087","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-10087"}],"notes":[{"category":"general","text":"The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-10087","url":"https://www.suse.com/security/cve/CVE-2018-10087"},{"category":"external","summary":"SUSE Bug 1087082 for CVE-2018-10087","url":"https://bugzilla.suse.com/1087082"},{"category":"external","summary":"SUSE Bug 1089608 for CVE-2018-10087","url":"https://bugzilla.suse.com/1089608"},{"category":"external","summary":"SUSE Bug 1091815 for CVE-2018-10087","url":"https://bugzilla.suse.com/1091815"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-05-11T11:30:49Z","details":"moderate"}],"title":"CVE-2018-10087"},{"cve":"CVE-2018-10124","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-10124"}],"notes":[{"category":"general","text":"The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-10124","url":"https://www.suse.com/security/cve/CVE-2018-10124"},{"category":"external","summary":"SUSE Bug 1087082 for CVE-2018-10124","url":"https://bugzilla.suse.com/1087082"},{"category":"external","summary":"SUSE Bug 1089752 for CVE-2018-10124","url":"https://bugzilla.suse.com/1089752"},{"category":"external","summary":"SUSE Bug 1091815 for CVE-2018-10124","url":"https://bugzilla.suse.com/1091815"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-05-11T11:30:49Z","details":"moderate"}],"title":"CVE-2018-10124"},{"cve":"CVE-2018-1091","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-1091"}],"notes":[{"category":"general","text":"In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-1091","url":"https://www.suse.com/security/cve/CVE-2018-1091"},{"category":"external","summary":"SUSE Bug 1087231 for CVE-2018-1091","url":"https://bugzilla.suse.com/1087231"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.7,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-05-11T11:30:49Z","details":"low"}],"title":"CVE-2018-1091"},{"cve":"CVE-2018-7740","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-7740"}],"notes":[{"category":"general","text":"The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-7740","url":"https://www.suse.com/security/cve/CVE-2018-7740"},{"category":"external","summary":"SUSE Bug 1084353 for CVE-2018-7740","url":"https://bugzilla.suse.com/1084353"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-05-11T11:30:49Z","details":"moderate"}],"title":"CVE-2018-7740"},{"cve":"CVE-2018-8043","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-8043"}],"notes":[{"category":"general","text":"The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-8043","url":"https://www.suse.com/security/cve/CVE-2018-8043"},{"category":"external","summary":"SUSE Bug 1084829 for CVE-2018-8043","url":"https://bugzilla.suse.com/1084829"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":0,"baseSeverity":"NONE","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-05-11T11:30:49Z","details":"low"}],"title":"CVE-2018-8043"},{"cve":"CVE-2018-8822","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-8822"}],"notes":[{"category":"general","text":"Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-8822","url":"https://www.suse.com/security/cve/CVE-2018-8822"},{"category":"external","summary":"SUSE Bug 1086162 for CVE-2018-8822","url":"https://bugzilla.suse.com/1086162"},{"category":"external","summary":"SUSE Bug 1090404 for CVE-2018-8822","url":"https://bugzilla.suse.com/1090404"},{"category":"external","summary":"SUSE Bug 1091815 for CVE-2018-8822","url":"https://bugzilla.suse.com/1091815"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.128-3.11.1.noarch","SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.128-3.11.1.x86_64","SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.128-3.11.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-05-11T11:30:49Z","details":"moderate"}],"title":"CVE-2018-8822"}]}