Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2019:1854-1
Rating: important
References: #1051510 #1071995 #1088047 #1098633 #1103990 #1103991 #1103992 #1106383 #1109837 #1111666 #1112374 #1114685 #1119113 #1119532 #1120423 #1125703 #1128902 #1130836 #1131645 #1132390 #1133401 #1133738 #1134303 #1134395 #1135556 #1135642 #1135897 #1136161 #1136264 #1136343 #1136935 #1137625 #1137728 #1138879 #1139712 #1139751 #1139771 #1139865 #1140133 #1140228 #1140328 #1140405 #1140424 #1140428 #1140454 #1140463 #1140575 #1140577 #1140637 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140887 #1140888 #1140889 #1140891 #1140893 #1140948 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992
Cross-References: CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11599 CVE-2019-13233
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 15-SP1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  • SUSE Linux Enterprise Module for Live Patching 15-SP1
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1
  • SUSE Linux Enterprise Module for Development Tools 15-SP1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1
  • SUSE Linux Enterprise High Availability 15-SP1

An update that solves 6 vulnerabilities and has 69 fixes is now available.

Description:



The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

  • CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577).
  • CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).
  • CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).
  • CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).
  • CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935).
  • CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).

The following non-security bugs were fixed:
  • Abort file_remove_privs() for non-reg. files (bsc#1140888).
  • acpica: Clear status of GPEs on first direct enable (bsc#1111666).
  • acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510).
  • acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510).
  • alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).
  • alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).
  • alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).
  • alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).
  • alsa: line6: Fix write on zero-sized buffer (bsc#1051510).
  • alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510).
  • alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666).
  • alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).
  • apparmor: enforce nullbyte at end of tag string (bsc#1051510).
  • asoc: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666).
  • ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510).
  • Backporting hwpoison fixes - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712). - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712). - mm: hwpoison: introduce idenfity_page_state (bsc#1139712). - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712) - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712) - mm: fix race on soft-offlining free huge pages (bsc#1139712). - mm: soft-offline: close the race against page allocation (bsc#1139712). - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712). - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#bsc#1139712).
  • blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).
  • block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771).
  • bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).
  • bpf, devmap: Add missing bulk queue free (bsc#1109837).
  • bpf, devmap: Add missing RCU read lock on flush (bsc#1109837).
  • bpf, devmap: Fix premature entry free on destroying map (bsc#1109837).
  • bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837).
  • bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837).
  • bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837).
  • bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837).
  • bpf: sockmap remove duplicate queue free (bsc#1109837).
  • bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837).
  • can: af_can: Fix error path of can_init() (bsc#1051510).
  • can: flexcan: fix timeout when set small bitrate (bsc#1051510).
  • can: purge socket error queue on sock destruct (bsc#1051510).
  • ceph: flush dirty inodes before proceeding with remount (bsc#1140405).
  • clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510).
  • clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).
  • coresight: etb10: Fix handling of perf mode (bsc#1051510).
  • coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).
  • crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401).
  • crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).
  • crypto: user - prevent operating on larval algorithms (bsc#1133401).
  • dax: Fix xarray entry association for mixed mappings (bsc#1140893).
  • Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948).
  • device core: Consolidate locking and unlocking of parent and device (bsc#1106383).
  • dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).
  • doc: Cope with the deprecation of AutoReporter (bsc#1051510).
  • documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187).
  • documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954).
  • driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383).
  • driver core: Probe devices asynchronously instead of the driver (bsc#1106383).
  • drivers/base/devres: introduce devm_release_action() (bsc#1103992).
  • drivers/base: Introduce kill_device() (bsc#1139865).
  • drivers/base: kABI fixes for struct device_private (bsc#1106383).
  • drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510).
  • drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510).
  • drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666).
  • drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666).
  • drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).
  • drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666).
  • drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666).
  • drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666).
  • drm: Fix drm_release() and device unplug (bsc#1111666).
  • drm/i915/dmc: protect against reading random memory (bsc#1051510).
  • drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).
  • drm/imx: notify drm core before sending event during crtc disable (bsc#1111666).
  • drm/imx: only send event on crtc disable if kept disabled (bsc#1111666).
  • drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666).
  • drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666).
  • drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666).
  • drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666).
  • ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891).
  • failover: allow name change on IFF_UP slave interfaces (bsc#1109837).
  • fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889).
  • fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887).
  • fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887).
  • ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995).
  • genirq: Prevent use-after-free and work list corruption (bsc#1051510).
  • genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510).
  • genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).
  • gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510).
  • hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)).
  • hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)).
  • i2c: acorn: fix i2c warning (bsc#1135642).
  • i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374).
  • i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374).
  • i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374).
  • i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374).
  • i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374).
  • i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374).
  • ib/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685).
  • ib/hfi1: Create inline to get extended headers (bsc#1114685 ).
  • ib/hfi1: Validate fault injection opcode user input (bsc#1114685 ).
  • ib/mlx5: Verify DEVX general object type correctly (bsc#1103991 ).
  • input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).
  • input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510).
  • iommu/amd: Make iommu_disable safer (bsc#1140955).
  • iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510).
  • iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956).
  • iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666).
  • iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510).
  • iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510).
  • iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957).
  • iommu: Use right function to get group for device (bsc#1140958).
  • iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959).
  • iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960).
  • iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961).
  • iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962).
  • iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964).
  • iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666).
  • irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510).
  • irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510).
  • ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228).
  • kabi fixup blk_mq_register_dev() (bsc#1140637).
  • kernel-binary: fix missing \
  • kernel-binary: rpm does not support multiline condition
  • kernel-binary: Use -c grep option in klp project detection.
  • kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971).
  • kvm: x86: fix return value for reserved EFER (bsc#1140992).
  • kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972).
  • libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).
  • libceph: assign cookies in linger_submit() (bsc#1135897).
  • libceph: check reply num_data_items in setup_request_data() (bsc#1135897).
  • libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897).
  • libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897).
  • libceph: introduce alloc_watch_request() (bsc#1135897).
  • libceph: introduce ceph_pagelist_alloc() (bsc#1135897).
  • libceph: preallocate message data items (bsc#1135897).
  • libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master.
  • libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897).
  • libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).
  • libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).
  • mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).
  • mac80211: drop robust management frames from unknown TA (bsc#1051510).
  • mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).
  • media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).
  • mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510).
  • mISDN: make sure device name is NUL terminated (bsc#1051510).
  • mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374).
  • mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374).
  • mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374).
  • mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374).
  • mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374).
  • mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374).
  • mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374).
  • mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374).
  • mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374).
  • mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374).
  • mmc: core: complete HS400 before checking status (bsc#1111666).
  • mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).
  • mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992).
  • mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)).
  • mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)).
  • mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)).
  • net: core: support XDP generic on stacked devices (bsc#1109837).
  • net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990).
  • net: ena: add ethtool function for changing io queue sizes (bsc#1138879).
  • net: ena: add good checksum counter (bsc#1138879).
  • net: ena: add handling of llq max tx burst size (bsc#1138879).
  • net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879).
  • net: ena: add newline at the end of pr_err prints (bsc#1138879).
  • net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879).
  • net: ena: allow automatic fallback to polling mode (bsc#1138879).
  • net: ena: allow queue allocation backoff when low on memory (bsc#1138879).
  • net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879).
  • net: ena: enable negotiating larger Rx ring size (bsc#1138879).
  • net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879).
  • net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879).
  • net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879).
  • net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879).
  • net: ena: fix incorrect test of supported hash function (bsc#1138879).
  • net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879).
  • net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879).
  • net: ena: gcc 8: fix compilation warning (bsc#1138879).
  • net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879).
  • net: ena: make ethtool show correct current and max queue sizes (bsc#1138879).
  • net: ena: optimise calculations for CQ doorbell (bsc#1138879).
  • net: ena: remove inline keyword from functions in *.c (bsc#1138879).
  • net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879).
  • net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879).
  • net: ena: use dev_info_once instead of static variable (bsc#1138879).
  • net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836).
  • net: Fix missing meta data in skb with vlan packet (bsc#1109837).
  • net/mlx5: Avoid reloading already removed devices (bsc#1103990 ).
  • net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990).
  • net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 ).
  • net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990).
  • net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 ).
  • net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837).
  • net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 ).
  • net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990).
  • net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 ).
  • net/mlx5: Set completion EQs as shared resources (bsc#1103991 ).
  • net/mlx5: Update pci error handler entries and command translation (bsc#1103991).
  • net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
  • net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).
  • net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
  • net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).
  • net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
  • net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).
  • net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113).
  • net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837).
  • net/sched: cbs: fix port_rate miscalculation (bsc#1109837).
  • net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837).
  • net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837).
  • net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837).
  • net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837).
  • net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837).
  • net/tls: do not leak IV and record seq when offload fails (bsc#1109837).
  • net/tls: do not leak partially sent record in device mode (bsc#1109837).
  • net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837).
  • net/tls: fix copy to fragments in reencrypt (bsc#1109837).
  • net/tls: fix page double free on TX cleanup (bsc#1109837).
  • net/tls: fix refcount adjustment in fallback (bsc#1109837).
  • net/tls: fix state removal with feature flags off (bsc#1109837).
  • net/tls: fix the IV leaks (bsc#1109837).
  • net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837).
  • net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837).
  • net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837).
  • nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).
  • nfit/ars: Avoid stale ARS results (jsc#SLE-5433).
  • nfit/ars: Introduce scrub_flags (jsc#SLE-5433).
  • nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837).
  • nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837).
  • ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).
  • nvme: copy MTFA field from identify controller (bsc#1140715).
  • nvme-rdma: fix double freeing of async event data (bsc#1120423).
  • nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423).
  • ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).
  • pci: Do not poll for PME if the device is in D3cold (bsc#1051510).
  • pci/p2pdma: fix the gen_pool_add_virt() failure path (bsc#1103992).
  • pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).
  • pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).
  • pinctrl/amd: add get_direction handler (bsc#1140463).
  • pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463).
  • pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463).
  • pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463).
  • pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463).
  • pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463).
  • pm: ACPI/PCI: Resume all devices during hibernation (bsc#1111666).
  • powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106).
  • powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).
  • powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).
  • ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159).
  • ppp: mppe: Add softdep to arc4 (bsc#1088047).
  • ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes).
  • ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes).
  • pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666).
  • qmi_wwan: Fix out-of-bounds read (bsc#1111666).
  • rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992).
  • rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991).
  • rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991).
  • rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992).
  • regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510).
  • Replace the bluetooth fix with the upstream commit (bsc#1135556)
  • Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1138879).
  • Revert "net/mlx5e: Enable reporting checksum unnecessary also for L3 packets" (bsc#1103990).
  • Revert "Revert "Drop multiversion(kernel) from the KMP template ()""
  • Revert "Sign non-x86 kernels when possible (boo#1134303)" This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now.
  • Revert "svm: Fix AVIC incomplete IPI emulation" (bsc#1140133).
  • rpm/package-descriptions: fix typo in kernel-azure
  • rpm/post.sh: correct typo in err msg (bsc#1137625)
  • sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).
  • scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.
  • scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes
  • scripts/git_sort/git_sort.py: drop old scsi branches
  • scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161).
  • scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161).
  • scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161).
  • scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161).
  • scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161).
  • scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).
  • scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).
  • scsi: be2iscsi: fix spelling mistake "Retreiving" -> "Retrieving" (jsc#SLE-4721 bsc#1136264).
  • scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264).
  • scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264).
  • scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264).
  • scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).
  • scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343).
  • scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343).
  • scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343).
  • scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343).
  • scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343).
  • scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343).
  • scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343).
  • scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343).
  • scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717).
  • scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717).
  • scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727).
  • scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).
  • scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
  • scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).
  • signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes).
  • staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510).
  • staging:iio:ad7150: fix threshold mode config bit (bsc#1051510).
  • svm: Add warning message for AVIC IPI invalid target (bsc#1140133).
  • svm: Fix AVIC incomplete IPI emulation (bsc#1140133).
  • sysctl: handle overflow in proc_get_long (bsc#1051510).
  • tools: bpftool: fix infinite loop in map create (bsc#1109837).
  • tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).
  • typec: tcpm: fix compiler warning about stupid things (git-fixes).
  • usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).
  • usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).
  • usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).
  • usbnet: ipheth: fix racing condition (bsc#1051510).
  • usb: serial: fix initial-termios handling (bsc#1135642).
  • usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).
  • usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).
  • usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).
  • usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).
  • x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187).
  • x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187).
  • x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187).
  • x86/umwait: Initialize umwait control values (jsc#SLE-5187).
  • xdp: check device pointer before clearing (bsc#1109837).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Workstation Extension 15-SP1:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1854=1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1854=1
  • SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1854=1
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1854=1
  • SUSE Linux Enterprise Module for Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1854=1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1854=1
  • SUSE Linux Enterprise High Availability 15-SP1:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1854=1

Package List:

  • SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
    • kernel-default-debuginfo-4.12.14-197.10.1
    • kernel-default-debugsource-4.12.14-197.10.1
    • kernel-default-extra-4.12.14-197.10.1
    • kernel-default-extra-debuginfo-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    • kernel-default-debuginfo-4.12.14-197.10.1
    • kernel-default-debugsource-4.12.14-197.10.1
    • kernel-obs-qa-4.12.14-197.10.1
    • kernel-vanilla-4.12.14-197.10.1
    • kernel-vanilla-base-4.12.14-197.10.1
    • kernel-vanilla-base-debuginfo-4.12.14-197.10.1
    • kernel-vanilla-debuginfo-4.12.14-197.10.1
    • kernel-vanilla-debugsource-4.12.14-197.10.1
    • kernel-vanilla-devel-4.12.14-197.10.1
    • kernel-vanilla-devel-debuginfo-4.12.14-197.10.1
    • kernel-vanilla-livepatch-devel-4.12.14-197.10.1
    • kselftests-kmp-default-4.12.14-197.10.1
    • kselftests-kmp-default-debuginfo-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64):
    • kernel-debug-4.12.14-197.10.1
    • kernel-debug-base-4.12.14-197.10.1
    • kernel-debug-base-debuginfo-4.12.14-197.10.1
    • kernel-debug-debuginfo-4.12.14-197.10.1
    • kernel-debug-debugsource-4.12.14-197.10.1
    • kernel-debug-devel-4.12.14-197.10.1
    • kernel-debug-devel-debuginfo-4.12.14-197.10.1
    • kernel-debug-livepatch-devel-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x):
    • kernel-default-livepatch-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64):
    • dtb-al-4.12.14-197.10.1
    • dtb-allwinner-4.12.14-197.10.1
    • dtb-altera-4.12.14-197.10.1
    • dtb-amd-4.12.14-197.10.1
    • dtb-amlogic-4.12.14-197.10.1
    • dtb-apm-4.12.14-197.10.1
    • dtb-arm-4.12.14-197.10.1
    • dtb-broadcom-4.12.14-197.10.1
    • dtb-cavium-4.12.14-197.10.1
    • dtb-exynos-4.12.14-197.10.1
    • dtb-freescale-4.12.14-197.10.1
    • dtb-hisilicon-4.12.14-197.10.1
    • dtb-lg-4.12.14-197.10.1
    • dtb-marvell-4.12.14-197.10.1
    • dtb-mediatek-4.12.14-197.10.1
    • dtb-nvidia-4.12.14-197.10.1
    • dtb-qcom-4.12.14-197.10.1
    • dtb-renesas-4.12.14-197.10.1
    • dtb-rockchip-4.12.14-197.10.1
    • dtb-socionext-4.12.14-197.10.1
    • dtb-sprd-4.12.14-197.10.1
    • dtb-xilinx-4.12.14-197.10.1
    • dtb-zte-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
    • kernel-docs-html-4.12.14-197.10.1
    • kernel-source-vanilla-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    • kernel-kvmsmall-4.12.14-197.10.1
    • kernel-kvmsmall-base-4.12.14-197.10.1
    • kernel-kvmsmall-base-debuginfo-4.12.14-197.10.1
    • kernel-kvmsmall-debuginfo-4.12.14-197.10.1
    • kernel-kvmsmall-debugsource-4.12.14-197.10.1
    • kernel-kvmsmall-devel-4.12.14-197.10.1
    • kernel-kvmsmall-devel-debuginfo-4.12.14-197.10.1
    • kernel-kvmsmall-livepatch-devel-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):
    • kernel-zfcpdump-debuginfo-4.12.14-197.10.1
    • kernel-zfcpdump-debugsource-4.12.14-197.10.1
    • kernel-zfcpdump-man-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
    • kernel-default-debuginfo-4.12.14-197.10.1
    • kernel-default-debugsource-4.12.14-197.10.1
    • kernel-default-livepatch-4.12.14-197.10.1
    • kernel-default-livepatch-devel-4.12.14-197.10.1
    • kernel-livepatch-4_12_14-197_10-default-1-3.3.1
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
    • kernel-default-debuginfo-4.12.14-197.10.1
    • kernel-default-debugsource-4.12.14-197.10.1
    • reiserfs-kmp-default-4.12.14-197.10.1
    • reiserfs-kmp-default-debuginfo-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    • kernel-obs-build-4.12.14-197.10.1
    • kernel-obs-build-debugsource-4.12.14-197.10.1
    • kernel-syms-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):
    • kernel-docs-4.12.14-197.10.1
    • kernel-source-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    • kernel-default-4.12.14-197.10.1
    • kernel-default-base-4.12.14-197.10.1
    • kernel-default-base-debuginfo-4.12.14-197.10.1
    • kernel-default-debuginfo-4.12.14-197.10.1
    • kernel-default-debugsource-4.12.14-197.10.1
    • kernel-default-devel-4.12.14-197.10.1
    • kernel-default-devel-debuginfo-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
    • kernel-devel-4.12.14-197.10.1
    • kernel-macros-4.12.14-197.10.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):
    • kernel-default-man-4.12.14-197.10.1
    • kernel-zfcpdump-4.12.14-197.10.1
    • kernel-zfcpdump-debuginfo-4.12.14-197.10.1
    • kernel-zfcpdump-debugsource-4.12.14-197.10.1
  • SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
    • cluster-md-kmp-default-4.12.14-197.10.1
    • cluster-md-kmp-default-debuginfo-4.12.14-197.10.1
    • dlm-kmp-default-4.12.14-197.10.1
    • dlm-kmp-default-debuginfo-4.12.14-197.10.1
    • gfs2-kmp-default-4.12.14-197.10.1
    • gfs2-kmp-default-debuginfo-4.12.14-197.10.1
    • kernel-default-debuginfo-4.12.14-197.10.1
    • kernel-default-debugsource-4.12.14-197.10.1
    • ocfs2-kmp-default-4.12.14-197.10.1
    • ocfs2-kmp-default-debuginfo-4.12.14-197.10.1

References: