Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2019:1744-1
Rating: important
References: #1051510 #1071995 #1094555 #1111666 #1112374 #1114279 #1128432 #1134730 #1134738 #1135153 #1135296 #1135642 #1136156 #1136157 #1136271 #1136333 #1137103 #1137194 #1137366 #1137884 #1137985 #1138263 #1138336 #1138374 #1138375 #1138589 #1138681 #1138719 #1138732
Cross-References: CVE-2018-16871 CVE-2019-12614 CVE-2019-12817
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 15-SP1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  • SUSE Linux Enterprise Module for Live Patching 15-SP1
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1
  • SUSE Linux Enterprise Module for Development Tools 15-SP1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1
  • SUSE Linux Enterprise High Availability 15-SP1

An update that solves three vulnerabilities and has 26 fixes is now available.

Description:



The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
This update adds support for the Hygon Dhyana CPU (fate#327735).
The following security bugs were fixed:

  • CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).
  • CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103).
  • CVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263).

The following non-security bugs were fixed:
  • 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
  • acpi: Add Hygon Dhyana support (fate#327735).
  • af_key: unconditionally clone on broadcast (bsc#1051510).
  • alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510).
  • alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
  • alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
  • ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
  • ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
  • audit: fix a memory leak bug (bsc#1051510).
  • blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
  • ceph: factor out ceph_lookup_inode() (bsc#1138681).
  • ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).
  • ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).
  • ceph: flush dirty inodes before proceeding with remount (bsc#1138681).
  • ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681).
  • ceph: quota: fix quota subdir mounts (bsc#1138681).
  • ceph: remove duplicated filelock ref increase (bsc#1138681).
  • cfg80211: fix memory leak of wiphy device name (bsc#1051510).
  • cpufreq: Add Hygon Dhyana support (fate#327735).
  • cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735).
  • cpu/topology: Export die_id (jsc#SLE-5454).
  • Do not restrict NFSv4.2 on openSUSE (bsc#1138719).
  • drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
  • drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510).
  • drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
  • drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510).
  • drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
  • drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
  • drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
  • drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510).
  • drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510).
  • drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510).
  • drm: add fallback override/firmware EDID modes workaround (bsc#1111666).
  • drm/amd/display: Use plane->color_space for dpp if specified (bsc#1111666).
  • drm/edid: abstract override/firmware EDID retrieval (bsc#1111666).
  • drm/i915: Add new AML_ULX support list (jsc#SLE-4986).
  • drm/i915: Add new ICL PCI ID (jsc#SLE-4986).
  • drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).
  • drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986).
  • drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986).
  • drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986).
  • drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).
  • drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986).
  • drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986).
  • drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986).
  • drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).
  • drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986).
  • drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
  • drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986).
  • drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510).
  • drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986).
  • drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986).
  • drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986).
  • drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666).
  • drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666).
  • drm/mediatek: clear num_pipes when unbind driver (bsc#1111666).
  • drm/mediatek: fix unbind functions (bsc#1111666).
  • drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666).
  • drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510).
  • drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666).
  • drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666).
  • EDAC, amd64: Add Hygon Dhyana support (fate#327735).
  • EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
  • HID: wacom: Add ability to provide explicit battery status info (bsc#1051510).
  • HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
  • HID: wacom: Add support for Pro Pen slim (bsc#1051510).
  • HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510).
  • HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510).
  • HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510).
  • HID: wacom: Do not set tool type until we're in range (bsc#1051510).
  • HID: wacom: fix mistake in printk (bsc#1051510).
  • HID: wacom: generic: add the "Report Valid" usage (bsc#1051510).
  • HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
  • HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510).
  • HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
  • HID: wacom: generic: Report AES battery information (bsc#1051510).
  • HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510).
  • HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510).
  • HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510).
  • HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510).
  • HID: wacom: generic: Support multiple tools per report (bsc#1051510).
  • HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510).
  • HID: wacom: Mark expected switch fall-through (bsc#1051510).
  • HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510).
  • HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510).
  • HID: wacom: Properly handle AES serial number and tool type (bsc#1051510).
  • HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510).
  • HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510).
  • HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510).
  • HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510).
  • HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510).
  • HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
  • HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510).
  • HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
  • HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510).
  • hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
  • hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
  • hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735).
  • hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).
  • hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735).
  • hwmon: (k10temp) Add support for family 17h (FATE#327735).
  • hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735).
  • hwmon: (k10temp) Add support for temperature offsets (FATE#327735).
  • hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735).
  • hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735).
  • hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735).
  • hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).
  • hwmon: (k10temp) Fix reading critical temperature register (FATE#327735).
  • hwmon: (k10temp) Make function get_raw_temp static (FATE#327735).
  • hwmon: (k10temp) Move chip specific code into probe function (FATE#327735).
  • hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735).
  • hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735).
  • hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (FATE#327735).
  • hwmon: (k10temp) Use API function to access System Management Network (FATE#327735).
  • hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735).
  • i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).
  • ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).
  • ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732).
  • kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056).
  • kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388).
  • kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • kabi/severities: Whitelist airq_iv_* (s390-specific)
  • kABI workaround for asus-wmi changes (bsc#1051510).
  • kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510).
  • kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
  • kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
  • kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).
  • kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).
  • mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
  • mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
  • mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
  • mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510).
  • mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).
  • mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510).
  • module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487).
  • new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).
  • nl80211: fix station_info pertid memory leak (bsc#1051510).
  • {nl,mac}80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510).
  • nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
  • nvmem: core: fix read buffer in place (bsc#1051510).
  • nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
  • nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510).
  • nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510).
  • nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
  • nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
  • nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510).
  • nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
  • nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
  • nvmem: imx-ocotp: Update module description (bsc#1051510).
  • nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
  • nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432).
  • PCI: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803).
  • PCI/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803 FATE#327056).
  • PCI/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056).
  • PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
  • perf tools: Add Hygon Dhyana support (fate#327735).
  • perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
  • perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).
  • perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
  • perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).
  • perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
  • platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510).
  • platform_data/mlxreg: Add capability field to core platform data (bsc#1112374).
  • platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374).
  • platform_data/mlxreg: Document fixes for core platform data (bsc#1112374).
  • platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374).
  • platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994).
  • platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666).
  • platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510).
  • platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226).
  • platform/x86: intel_pmc_core: Add Package cstates residency info (jsc#SLE-5226).
  • platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226).
  • platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226).
  • platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226).
  • platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown (jsc#SLE-5226).
  • platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374).
  • platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374).
  • platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374).
  • platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374).
  • platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374).
  • platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374).
  • platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374).
  • platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374).
  • platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374).
  • platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374).
  • platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374).
  • platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374).
  • platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374).
  • platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374).
  • platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374).
  • platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).
  • platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374).
  • platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374).
  • platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).
  • platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510).
  • platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).
  • platform/x86: mlx-platform: Remove unused define (bsc#1112374).
  • platform/x86: mlx-platform: Rename new systems product names (bsc#1112374).
  • PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510).
  • powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
  • powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
  • powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454).
  • powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199).
  • powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204).
  • powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199).
  • powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199).
  • power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
  • power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
  • qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
  • qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).
  • qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
  • qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
  • qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).
  • qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
  • rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).
  • RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
  • RAS/CEC: Fix binary search function (bsc#1114279).
  • rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).
  • Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops" (bsc#1051510).
  • Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range" (bsc#1051510).
  • Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)." This broke the build with older gcc instead.
  • s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/airq: recognize directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/dasd: fix using offset into zero size array error (bsc#1051510).
  • s390: enable processes for mio instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
  • s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
  • s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
  • s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
  • s390/pci: add parameter to force floating irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/pci: clarify interrupt vector usage (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/pci: fix assignment of bus resources (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
  • s390/pci: fix struct definition for set PCI function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
  • s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).
  • s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).
  • s390/pci: mark command line parser data __initdata (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
  • s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/pci: provide support for MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
  • s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/pci: remove unused define (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).
  • s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
  • s390/protvirt: block kernel command line alteration (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
  • s390/qeth: fix race when initializing the IP address table (bsc#1051510).
  • s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).
  • s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/setup: fix early warning messages (bsc#1051510).
  • s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388).
  • s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151).
  • s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
  • sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
  • scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).
  • scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156).
  • scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271).
  • scsi: megaraid_sas: correct an info message (bsc#1136271).
  • scsi: megaraid_sas: driver version update (bsc#1136271).
  • scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271).
  • scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).
  • scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).
  • scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271).
  • scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
  • scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
  • scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
  • scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510).
  • scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).
  • scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).
  • scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).
  • serial: sh-sci: disable DMA for uart_console (bsc#1051510).
  • SMB3: Fix endian warning (bsc#1137884).
  • soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).
  • soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
  • spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510).
  • spi: Fix zero length xfer bug (bsc#1051510).
  • spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
  • spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510).
  • spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
  • spi: tegra114: reset controller on probe (bsc#1051510).
  • supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)
  • thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
  • thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).
  • thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
  • tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
  • tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
  • tools/cpupower: Add Hygon Dhyana support (fate#327735).
  • topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
  • topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
  • tty: max310x: Fix external crystal register setup (bsc#1051510).
  • usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
  • usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
  • usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
  • vfio: ccw: only free cp on final interrupt (bsc#1051510).
  • video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
  • video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
  • virtio_console: initialize vtermno value for ports (bsc#1051510).
  • vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
  • watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
  • x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).
  • x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).
  • x86/amd_nb: Check vendor in AMD-only functions (fate#327735).
  • x86/apic: Add Hygon Dhyana support (fate#327735).
  • x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#327735).
  • x86/cpu: Add Icelake model number (jsc#SLE-5226).
  • x86/cpu/amd: Do not force the CPB cap when running under a hypervisor (bsc#1114279).
  • x86/cpu: Create Hygon Dhyana architecture support file (fate#327735).
  • x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
  • x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382).
  • x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).
  • x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#327735).
  • x86/cpu/hygon: Fix phys_proc_id calculation logic for multi-die processors ().
  • x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735).
  • x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735).
  • x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).
  • x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735).
  • x86/mce: Do not disable MCA banks when offlining a CPU on AMD (fate#327735).
  • x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
  • x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).
  • x86/microcode: Fix microcode hotplug state (bsc#1114279).
  • x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).
  • x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).
  • x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#327735).
  • x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#327735).
  • x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
  • x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).
  • x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
  • x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
  • x86/topology: Define topology_die_id() (jsc#SLE-5454).
  • x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
  • x86/umip: Make the UMIP activated message generic (bsc#1138336).
  • x86/umip: Print UMIP line only once (bsc#1138336).
  • x86/xen: Add Hygon Dhyana support to Xen (fate#327735).
  • x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Workstation Extension 15-SP1:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1744=1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1744=1
  • SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1744=1
  • SUSE Linux Enterprise Module for Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1744=1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1744=1
  • SUSE Linux Enterprise High Availability 15-SP1:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1744=1

Package List:

  • SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
    • kernel-default-debuginfo-4.12.14-197.7.1
    • kernel-default-debugsource-4.12.14-197.7.1
    • kernel-default-extra-4.12.14-197.7.1
    • kernel-default-extra-debuginfo-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    • kernel-default-debuginfo-4.12.14-197.7.1
    • kernel-default-debugsource-4.12.14-197.7.1
    • kernel-obs-qa-4.12.14-197.7.1
    • kernel-vanilla-4.12.14-197.7.1
    • kernel-vanilla-base-4.12.14-197.7.1
    • kernel-vanilla-base-debuginfo-4.12.14-197.7.1
    • kernel-vanilla-debuginfo-4.12.14-197.7.1
    • kernel-vanilla-debugsource-4.12.14-197.7.1
    • kernel-vanilla-devel-4.12.14-197.7.1
    • kernel-vanilla-devel-debuginfo-4.12.14-197.7.1
    • kernel-vanilla-livepatch-devel-4.12.14-197.7.1
    • kselftests-kmp-default-4.12.14-197.7.1
    • kselftests-kmp-default-debuginfo-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64):
    • kernel-debug-4.12.14-197.7.1
    • kernel-debug-base-4.12.14-197.7.1
    • kernel-debug-base-debuginfo-4.12.14-197.7.1
    • kernel-debug-debuginfo-4.12.14-197.7.1
    • kernel-debug-debugsource-4.12.14-197.7.1
    • kernel-debug-devel-4.12.14-197.7.1
    • kernel-debug-devel-debuginfo-4.12.14-197.7.1
    • kernel-debug-livepatch-devel-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x):
    • kernel-default-livepatch-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64):
    • dtb-al-4.12.14-197.7.1
    • dtb-allwinner-4.12.14-197.7.1
    • dtb-altera-4.12.14-197.7.1
    • dtb-amd-4.12.14-197.7.1
    • dtb-amlogic-4.12.14-197.7.1
    • dtb-apm-4.12.14-197.7.1
    • dtb-arm-4.12.14-197.7.1
    • dtb-broadcom-4.12.14-197.7.1
    • dtb-cavium-4.12.14-197.7.1
    • dtb-exynos-4.12.14-197.7.1
    • dtb-freescale-4.12.14-197.7.1
    • dtb-hisilicon-4.12.14-197.7.1
    • dtb-lg-4.12.14-197.7.1
    • dtb-marvell-4.12.14-197.7.1
    • dtb-mediatek-4.12.14-197.7.1
    • dtb-nvidia-4.12.14-197.7.1
    • dtb-qcom-4.12.14-197.7.1
    • dtb-renesas-4.12.14-197.7.1
    • dtb-rockchip-4.12.14-197.7.1
    • dtb-socionext-4.12.14-197.7.1
    • dtb-sprd-4.12.14-197.7.1
    • dtb-xilinx-4.12.14-197.7.1
    • dtb-zte-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
    • kernel-docs-html-4.12.14-197.7.1
    • kernel-source-vanilla-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    • kernel-kvmsmall-4.12.14-197.7.1
    • kernel-kvmsmall-base-4.12.14-197.7.1
    • kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1
    • kernel-kvmsmall-debuginfo-4.12.14-197.7.1
    • kernel-kvmsmall-debugsource-4.12.14-197.7.1
    • kernel-kvmsmall-devel-4.12.14-197.7.1
    • kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1
    • kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):
    • kernel-zfcpdump-debuginfo-4.12.14-197.7.1
    • kernel-zfcpdump-debugsource-4.12.14-197.7.1
    • kernel-zfcpdump-man-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
    • kernel-default-debuginfo-4.12.14-197.7.1
    • kernel-default-debugsource-4.12.14-197.7.1
    • kernel-default-livepatch-4.12.14-197.7.1
    • kernel-default-livepatch-devel-4.12.14-197.7.1
    • kernel-livepatch-4_12_14-197_7-default-1-3.3.1
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
    • kernel-default-debuginfo-4.12.14-197.7.1
    • kernel-default-debugsource-4.12.14-197.7.1
    • reiserfs-kmp-default-4.12.14-197.7.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    • kernel-obs-build-4.12.14-197.7.1
    • kernel-obs-build-debugsource-4.12.14-197.7.1
    • kernel-syms-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):
    • kernel-docs-4.12.14-197.7.1
    • kernel-source-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    • kernel-default-4.12.14-197.7.1
    • kernel-default-base-4.12.14-197.7.1
    • kernel-default-base-debuginfo-4.12.14-197.7.1
    • kernel-default-debuginfo-4.12.14-197.7.1
    • kernel-default-debugsource-4.12.14-197.7.1
    • kernel-default-devel-4.12.14-197.7.1
    • kernel-default-devel-debuginfo-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
    • kernel-devel-4.12.14-197.7.1
    • kernel-macros-4.12.14-197.7.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):
    • kernel-default-man-4.12.14-197.7.1
    • kernel-zfcpdump-4.12.14-197.7.1
    • kernel-zfcpdump-debuginfo-4.12.14-197.7.1
    • kernel-zfcpdump-debugsource-4.12.14-197.7.1
  • SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
    • cluster-md-kmp-default-4.12.14-197.7.1
    • cluster-md-kmp-default-debuginfo-4.12.14-197.7.1
    • dlm-kmp-default-4.12.14-197.7.1
    • dlm-kmp-default-debuginfo-4.12.14-197.7.1
    • gfs2-kmp-default-4.12.14-197.7.1
    • gfs2-kmp-default-debuginfo-4.12.14-197.7.1
    • kernel-default-debuginfo-4.12.14-197.7.1
    • kernel-default-debugsource-4.12.14-197.7.1
    • ocfs2-kmp-default-4.12.14-197.7.1
    • ocfs2-kmp-default-debuginfo-4.12.14-197.7.1

References: