Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2019:3294-1
Rating:	important
References:	bsc#1046299 bsc#1046303 bsc#1046305 bsc#1048942 bsc#1050244 bsc#1050536 bsc#1050545 bsc#1051510 bsc#1055186 bsc#1061840 bsc#1064802 bsc#1065600 bsc#1066129 bsc#1073513 bsc#1082635 bsc#1083647 bsc#1086323 bsc#1087092 bsc#1089644 bsc#1090631 bsc#1091041 bsc#1093205 bsc#1096254 bsc#1097583 bsc#1097584 bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1098291 bsc#1101674 bsc#1109158 bsc#1114279 bsc#1117665 bsc#1119461 bsc#1119465 bsc#1122363 bsc#1123034 bsc#1123080 bsc#1127155 bsc#1131107 bsc#1133140 bsc#1134303 bsc#1135642 bsc#1135854 bsc#1135873 bsc#1135966 bsc#1135967 bsc#1137040 bsc#1137799 bsc#1137861 bsc#1138190 bsc#1139073 bsc#1140090 bsc#1140729 bsc#1140845 bsc#1140883 bsc#1141600 bsc#1142635 bsc#1142667 bsc#1143706 bsc#1144338 bsc#1144375 bsc#1144449 bsc#1144903 bsc#1145099 bsc#1146612 bsc#1148410 bsc#1149119 bsc#1149448 bsc#1150452 bsc#1150457 bsc#1150465 bsc#1150466 bsc#1150875 bsc#1151225 bsc#1151508 bsc#1151680 bsc#1152497 bsc#1152505 bsc#1152506 bsc#1152624 bsc#1152685 bsc#1152782 bsc#1152788 bsc#1152791 bsc#1153112 bsc#1153158 bsc#1153236 bsc#1153263 bsc#1153476 bsc#1153509 bsc#1153628 bsc#1153646 bsc#1153681 bsc#1153713 bsc#1153717 bsc#1153718 bsc#1153719 bsc#1153811 bsc#1153969 bsc#1154108 bsc#1154124 bsc#1154189 bsc#1154354 bsc#1154372 bsc#1154526 bsc#1154578 bsc#1154607 bsc#1154608 bsc#1154610 bsc#1154611 bsc#1154651 bsc#1154737 bsc#1154747 bsc#1154848 bsc#1154858 bsc#1154905 bsc#1154956 bsc#1154959 bsc#1155021 bsc#1155178 bsc#1155179 bsc#1155184 bsc#1155186 bsc#1155671 bsc#1155692 bsc#1155812 bsc#1155817 bsc#1155836 bsc#1155945 bsc#1155982 bsc#1156187 bsc#1156429 bsc#1156466 bsc#1156494 bsc#1156609 bsc#1156700 bsc#1156729 bsc#1156882
Cross-References:	CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-15916 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18805
CVSS scores:	CVE-2018-12207 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-12207 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-0154 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-0154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-0155 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-0155 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-10220 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-10220 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-11135 ( SUSE ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2019-11135 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2019-15916 ( SUSE ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-15916 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-15916 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-16231 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-16231 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-16232 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-16232 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-16233 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-16233 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-16234 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-16234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-16995 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-16995 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-17055 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-17055 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2019-17056 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2019-17133 ( SUSE ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17133 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17666 ( SUSE ): 5.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2019-17666 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18805 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2019-18805 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise Real Time 12 SP4 SUSE Linux Enterprise Server 12 SP4

An update that solves 16 vulnerabilities and has 124 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led denial of service (bsc#1149448).
CVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966).
CVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967).
CVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466).
CVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187).
CVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to restrict unprivileged users to create a raw socket (bsc#1152782).
CVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685).
CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described "Microarchitectural Data Sampling" attack.(bsc#1139073). The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251
CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457).
CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional.
CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903)
CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372).
CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465).
CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452).
CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158).
CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788).

The following non-security bugs were fixed:

9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510).
ACPI / CPPC: do not require the _PSD method (bsc#1051510).
ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510).
ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510).
act_mirred: Fix mirred_init_module error handling (bsc#1051510).
Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES="xz" in config.sh, then mkspec will pass it to the spec file.
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680).
ALSA: bebob: Fix prototype of helper function to return negative value (bsc#1051510).
ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes).
ALSA: hda: Add Cometlake-S PCI ID (git-fixes).
ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510).
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510).
ALSA: hda: Add support of Zhaoxin controller (bsc#1051510).
ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510).
ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510).
ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836).
ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510).
ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510).
ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510).
ALSA: hda: Flush interrupts on disabling (bsc#1051510).
ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510).
ALSA: hda - Inform too slow responses (bsc#1051510).
ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729).
ALSA: hda/realtek - Add support for ALC623 (bsc#1051510).
ALSA: hda/realtek - Add support for ALC711 (bsc#1051510).
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510).
ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510).
ALSA: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510).
ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510).
ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510).
ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510).
ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510).
ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510).
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510).
ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510).
ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes).
ALSA: timer: Fix incorrectly assigned timer instance (git-fixes).
ALSA: timer: Fix mutex deadlock at releasing card (bsc#1051510).
ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510).
ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510).
ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes).
ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes).
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510).
appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30).
arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported.
ASoC: Define a set of DAPM pre/post-up events (bsc#1051510).
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510).
ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510).
ASoC: Intel: NHLT: Fix debug print format (bsc#1051510).
ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510).
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510).
ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510).
auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510).
ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510).
Blacklist "signal: Correct namespace fixups of si_pid and si_uid" (bsc#1142667)
blk-wbt: abstract out end IO completion handler (bsc#1135873).
blk-wbt: fix has-sleeper queueing check (bsc#1135873).
blk-wbt: improve waking of tasks (bsc#1135873).
blk-wbt: move disable check into get_limit() (bsc#1135873).
blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873).
block: add io timeout to sysfs (bsc#1148410).
block: do not show io_timeout if driver has no timeout handler (bsc#1148410).
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510).
bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ).
bpf: fix use after free in prog symbol exposure (bsc#1083647).
bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15).
Btrfs: bail out gracefully rather than BUG_ON (bsc#1153646).
Btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178).
Btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713).
Btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651).
Btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607).
Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494).
Btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179).
Btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651).
Btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186).
Btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184).
can: dev: call netif_carrier_off() in