The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis . The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka quot;retpolinesquot;. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write . - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference . - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action . - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service or possibly have unspecified other impact because the port-gt;exists value can change after it is validated . - CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF"s assigned to guests to send ethernet flow control pause frames via the PF. - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h . - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition . The following non-security bugs were fixed: - alsa: aloop: Fix inconsistent format due to incomplete rule . - alsa: aloop: Fix racy hw constraints adjustment . - alsa: aloop: Release cable upon open error path . - alsa: pcm: Abort properly at pending signal in OSS read/write loops . - alsa: pcm: Add missing error checks in OSS emulation plugin builder . - alsa: pcm: Allow aborting mutex lock at OSS read/write loops . - alsa: pcm: Remove incorrect snd_BUG_ON usages . - alsa: pcm: Remove yet superfluous WARN_ON . - btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction . - btrfs: copy fsid to super_block s_uuid . - btrfs: do not wait for all the writers circularly during the transaction commit . - btrfs: do not WARN in btrfs_transaction_abort for IO errors . - btrfs: fix two use-after-free bugs with transaction cleanup . - btrfs: make the state of the transaction more readable . - btrfs: qgroup: exit the rescan worker during umount . - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf return value . - btrfs: reset intwrite on transaction abort . - btrfs: set qgroup_ulist to be null after calling ulist_free . - btrfs: stop waiting on current trans if we aborted . - cdc-acm: apply quirk for card reader . - cdrom: factor out common open_for_* code . - cdrom: wait for tray to close . - delay: add poll_event_interruptible . - dm flakey: add corrupt_bio_byte feature . - dm flakey: add drop_writes . - dm flakey: error READ bios during the down_interval . - dm flakey: fix crash on read when corrupt_bio_byte not set . - dm flakey: fix reads to be issued if drop_writes configured . - dm flakey: introduce quot;error_writesquot; feature . - dm flakey: support feature args . - dm flakey: use dm_target_offset and support discards . - ext2: free memory allocated and forget buffer head when io error happens . - ext2: use unlikely to improve the efficiency of the kernel . - ext3: add necessary check in case IO error happens . - ext3: use unlikely to improve the efficiency of the kernel . - fork: clear thread stack upon allocation . - kaiser: Add proper NX handling for !NX-capable systems also to kaiser_add_user_map. - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz - kaiser: fix ia32 compat sysexit sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy. - kaiser: Fix trampoline stack loading issue on XEN PV - kaiser: handle non-accessible stack in sysretl_from_sys_call properly - kaiser: make sure not to touch stack after CR3 switch in compat syscall return - kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry - kbuild: modversions for EXPORT_SYMBOL for asm . - keys: trusted: fix writing past end of buffer in trusted_read . - media: omap_vout: Fix a possible null pointer dereference in omap_vout_open . - mISDN: fix a loop count . - nfsd: do not share group_info among threads . - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing in downconvert thread . - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once . - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock . - powerpc/64: Add macros for annotating the destination of rfid/hrfid . - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL . - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL . - powerpc/64s: Add EX_SIZE definition for paca exception save areas . - powerpc/64s: Add support for RFI flush of L1-D cache . - powerpc/64s: Allow control of RFI flush via debugfs . - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL . - powerpc/64s: Simple RFI macro conversions . - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti . - powerpc/64s: Wire up cpu_show_meltdown . - powerpc/asm: Allow including ppc_asm.h in asm files . - powerpc: Fix register clobbering when accumulating stolen time . - powerpc: Fix up the kdump base cap to 128M . - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN . - powerpc/perf: Dereference BHRB entries safely . - powerpc/perf: Fix book3s kernel to userspace backtraces . - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags amp; wrapper . - powerpc/pseries: include linux/types.h in asm/hvcall.h . - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS . - powerpc/pseries: Kill all prefetch streams on context switch . - powerpc/pseries: Query hypervisor for RFI flush settings . - powerpc/pseries: rfi-flush: Call setup_rfi_flush after LPM migration . - powerpc/pseries/rfi-flush: Call setup_rfi_flush after LPM migration . - powerpc/pseries/rfi-flush: Drop PVR-based selection . - powerpc/rfi-flush: Add DEBUG_RFI config option . - powerpc/rfi-flush: Factor out init_fallback_flush . - powerpc/rfi-flush: Make setup_rfi_flush not __init . - powerpc/rfi-flush: Move RFI flush fields out of the paca . - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code . - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code . - powerpc/vdso64: Use double word compare on pointers . - rfi-flush: Make DEBUG_RFI a CONFIG option . - rfi-flush: Move rfi_flush_fallback_area to end of paca . - rfi-flush: Move RFI flush fields out of the paca . - rfi-flush: Switch to new linear fallback flush . - s390: add ppa to the idle loop . - s390/cpuinfo: show facilities as reported by stfle . - scsi: libiscsi: fix shifting of DID_REQUEUE host byte . - scsi: sr: wait for the medium to become ready . - scsi: virtio_scsi: let host do exception handling . - storvsc: do not assume SG list is continuous when doing bounce buffers . - sysfs/cpu: Add vulnerability folder . - sysfs/cpu: Fix typos in vulnerability documentation . - sysfs: spectre_v2, handle spec_ctrl . - x86/acpi: Handle SCI interrupts above legacy space gracefully . - x86/acpi: Reduce code duplication in mp_override_legacy_irq . - x86, asm: Extend definitions of _ASM_* with a raw format . - x86/boot: Fix early command-line parsing when matching at end . - x86/cpu: Factor out application of forced CPU caps . - x86/cpu: Implement CPU vulnerabilites sysfs functions . - x86/CPU: Sync CPU feature flags late . - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform . - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Extend BDW late-loading further with LLC size check . - x86/microcode/intel: Extend BDW late-loading with a revision check . - x86/microcode: Rescan feature flags upon late loading . - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active . - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly . - x86/spectre_v2: fix ordering in IBRS initialization . - x86/spectre_v2: nospectre_v2 means nospec too . - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL . - mm: pin address_space before dereferencing it while isolating an LRU page .