The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space . - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument . - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value . - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code . - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service . - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call . - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. The following non-security bugs were fixed: - alsa: hda/realtek - Fix speaker no sound after system resume . - alsa: hda: Add a power_save blacklist . - alsa: usb-audio: Add a quirck for Bamp;W PX headphones . - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux . - arm: mvebu: Fix broken PL310_ERRATA_753970 selects . - kvm: mmu: Fix overlap between public and private memslots . - Partial revert e1000e: Avoid receiver overrun interrupt bursts . - Revert e1000e: Separate signaling for link check/link up . - Revert led: core: Fix brightness setting when setting delay_off=0 . - Revert watchdog: hpwdt: Remove legacy NMI sourcing . This reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70. - bpf, x64: implement retpoline for tail call . - bridge: check brport attr show in brport_show . - btrfs: Only check first key for committed tree blocks . - btrfs: Validate child tree block"s level and first key . - btrfs: preserve i_mode if __btrfs_set_acl fails . - ch9200: use skb_cow_head to deal with cloned skbs . - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init . - dcache: Add cond_resched in shrink_dentry_list . - dm io: fix duplicate bio completion due to missing ref count . - drm/i915/cmdparser: Do not check past the cmd length . - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit . - e1000e: Avoid missed interrupts following ICR read . - e1000e: Avoid receiver overrun interrupt bursts . - e1000e: Fix check_for_link return value with autoneg off . - e1000e: Fix link check race condition . - e1000e: Fix queue interrupt re-raising in Other interrupt . - e1000e: Remove Other from EIAC . - fib_semantics: Do not match route with mismatching tclassid . - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate . - hdlc_ppp: carrier detect ok, do not turn off negotiation . - hugetlbfs: fix offset overflow in hugetlbfs mmap . - ibmvfc: Avoid unnecessary port relogin . - ibmvnic: Clear pending interrupt after device reset . - ibmvnic: Define vnic_login_client_data name field as unsized array . - ibmvnic: Disable irqs before exiting reset from closed state . - ibmvnic: Do not notify peers on parameter change resets . - ibmvnic: Do not reset CRQ for Mobility driver resets . - ibmvnic: Fix DMA mapping mistakes . - ibmvnic: Fix failover case for non-redundant configuration . - ibmvnic: Fix reset return from closed state . - ibmvnic: Fix reset scheduler error handling . - ibmvnic: Handle all login error conditions . - ibmvnic: Potential NULL dereference in clean_one_tx_pool . - ibmvnic: Remove unused TSO resources in TX pool structure . - ibmvnic: Update TX pool cleaning routine . - ibmvnic: Zero used TX descriptor counter on reset . - ipv6 sit: work around bogus gcc-8 -Wrestrict warning . - kGraft: fix small race in reversion code . - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling . - livepatch: Allow to call a custom callback when freeing shadow variables . - livepatch: Initialize shadow variables safely by a custom callback . - mac80211: do not WARN on bad WMM parameters from buggy APs . - md-cluster: fix wrong condition check in raid1_write_request . - media: au0828: fix VIDEO_V4L2 dependency . - media: cx25821: prevent out-of-bounds read on array card . - media: m88ds3103: do not call a non-initalized function . - media: s3c-camif: fix out-of-bounds array access . - mm/hugetlb.c: do not call region_abort if region_chg fails . - mpls, nospec: Sanitize array index in mpls_label_ok . - net: fix race on decreasing number of TX queues . - net: ipv4: avoid unused variable warning for sysctl . - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 . - net: mpls: Pull common label check into helper . - netlink: ensure to loop over all netns in genlmsg_multicast_allns . - nospec: Allow index argument to have const-qualified type . - perf/x86/intel: Add model number for Skylake Server to perf . - powerpc/crash: Remove the test for cpu_online in the IPI callback . - powerpc: Do not send system reset request through the oops path . - powerpc: System reset avoid interleaving oops using die synchronisation . - ppp: prevent unregistered channels from connecting to PPP units . - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write . - regmap: Do not use format_val in regmap_bulk_read . - regmap: Fix reversed bounds check in regmap_raw_write . - regmap: Format data for raw write in regmap_bulk_write . - rpm/config.sh: ensure sorted patches. - s390/cpuinfo: show facilities as reported by stfle . - s390/qeth: fix IPA command submission race . - s390/qeth: fix SETIP command handling . - sctp: fix dst refcnt leak in sctp_v4_get_dst . - sctp: fix dst refcnt leak in sctp_v6_get_dst . - sctp: verify size of a new chunk in _sctp_make_chunk . - storvsc: do not schedule work elements during host reset . - storvsc_drv: use embedded work structure for host rescan . - storvsc_drv: use separate workqueue for rescan . - swap: divide-by-zero when zero length swap file on ssd . - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus . - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus . - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus . - udplite: fix partial checksum initialization . - watchdog: hpwdt: Remove legacy NMI sourcing . - x86/apic/vector: Handle legacy irq data correctly . - x86/entry/64: Do not use IST entry for #BP stack . - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage . - x86/kaiser: Remove a user mapping of cpu_tss structure . - x86/kaiser: Use a per-CPU trampoline stack for kernel entry . - x86/kaiser: enforce trampoline stack alignment . - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist . - xen-blkfront: fix mq start/stop race . - xen-netback: use skb to determine number of required guest Rx requests . Special Instructions and Notes: Please reboot the system after installing this update.