
SUSE-SU-2017:1183-1 -- SLES kernel

ID: oval:org.secpod.oval:def:89044560
Date: (C)2021-06-30 (M)2024-04-17
Class: PATCH
Family: unix




The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive various security and bugfixes.

Notable new/improved features:

- Improved support for Hyper-V
- Support for Matrox G200eH3
- Support for tcp_westwood

The following security bugs were fixed:

- CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
- CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service via a crafted ioctl call for a /dev/dri/renderD* device.
- CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.
- CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux kernel allowed local users to cause a denial of service or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
- CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
- CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls.
- CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.
- CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service via vectors involving a TCP packet with the URG flag.
- CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data.
- CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel had incorrect expectations about skb data layout, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.
- CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service by leveraging access to a container environment for executing a crafted application.
- CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulated the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service by leveraging the mishandling of page references.
- CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service via an application that made an IPV6_RECVPKTINFO setsockopt system call.

The following non-security bugs were fixed:

- ACPI, ioapic: Clear on-stack resource before using it
- ACPI: Do not create a platform_device for IOAPIC/IOxAPIC
- ACPI: Remove platform devices from a bus on removal
- HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL
- NFS: do not try to cross a mountpount when there isn't one there
- NFS: flush out dirty data on file fput
- PCI: hv: Fix wslot_to_devfn to fix warnings on device removal
- PCI: hv: Use device serial number as PCI domain
- RAID1: a new I/O barrier implementation to remove resync window
- RAID1: avoid unnecessary spin locks in I/O barrier code
- Revert "RDMA/core: Fix incorrect structure packing for booleans"
- Revert "give up on gcc ilog2 constant optimizations"
- Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow"
- Revert "net: introduce device min_header_len"
- Revert "nfit, libnvdimm: fix interleave set cookie calculation"
- Revert "target: Fix NULL dereference during LUN lookup + active I/O shutdown"
- acpi, nfit: fix acpi_nfit_flush_probe crash
- acpi, nfit: fix extended status translations for ACPI DSMs
- arm64: Use full path in KBUILD_IMAGE definition
- arm64: hugetlb: fix the wrong address for several functions
- arm64: hugetlb: fix the wrong return value for huge_ptep_set_access_flags
- arm64: hugetlb: remove the wrong pmd check in find_num_contig
- arm: Use full path in KBUILD_IMAGE definition
- bnx2x: allow adding VLANs while interface is down
- bonding: fix 802.3ad aggregator reselection
- btrfs: Change qgroup_meta_rsv to 64bit
- btrfs: allow unlink to exceed subvolume quota
- btrfs: backref: Fix soft lockup in __merge_refs function
- btrfs: incremental send, do not delay rename when parent inode is new
- btrfs: incremental send, do not issue invalid rmdir operations
- btrfs: qgroup: Move half of the qgroup accounting time out of commit trans
- btrfs: qgroups: Retry after commit on getting EDQUOT
- btrfs: send, fix failure to rename top level inode due to name collision
- btrfs: serialize subvolume mounts with potentially mismatching rw flags
- cgroup/pids: remove spurious suspicious RCU usage warning
- crypto: algif_hash - avoid zero-sized array
- cxgb4vf: do not offload Rx checksums for IPv6 fragments
- device-dax: fix private mapping restriction, permit read-only
- drm/i915: Add intel_uncore_suspend / resume functions
- drm/i915: Fix crash after S3 resume with DP MST mode change
- drm/i915: Listen for PMIC bus access notifications
- drm/i915: Only enable hotplug interrupts if the display interrupts are enabled
- drm/mgag200: Added support for the new device G200eH3
- ext4: fix fencepost in s_first_meta_bg validation
- futex: Add missing error handling to FUTEX_REQUEUE_PI
- futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
- hv: export current Hyper-V clocksource
- hv: util: do not forget to init host_ts.lock
- hv: vmbus: Prevent sending data on a rescinded channel
- hv_utils: implement Hyper-V PTP source
- i2c-designware: increase timeout
- i2c: designware-baytrail: Acquire P-Unit access on bus acquire
- i2c: designware-baytrail: Call pmic_bus_access_notifier_chain
- i2c: designware-baytrail: Fix race when resetting the semaphore
- i2c: designware-baytrail: Only check iosf_mbi_available for shared hosts
- i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM method
- i2c: designware: Never suspend i2c-busses used for accessing the system PMIC
- i2c: designware: Rename accessor_flags to flags
- iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off
- kABI: protect struct iscsi_conn
- kABI: protect struct se_node_acl
- kABI: restore can_rx_register parameters
- kgr/module: make a taint flag module-specific
- kgr: Mark eeh_event_handler kthread safe using a timeout
- kgr: remove all arch-specific kgraft header files
- l2tp: fix address test in __l2tp_ip6_bind_lookup
- l2tp: fix lookup for sockets not bound to a device in l2tp_ip
- l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind
- l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv
- l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6
- l2tp: lock socket before checking flags in connect
- libnvdimm, pfn: fix memmap reservation size versus 4K alignment
- locking/semaphore: Add down_interruptible_timeout
- md/raid1: Refactor raid1_make_request
- md/raid1: add rcu protection to rdev in fix_read_error
- md/raid1: fix a use-after-free bug
- md/raid1: handle flush request correctly
- mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
- mm/memblock.c: fix memblock_next_valid_pfn
- mm/page_alloc: Remove useless parameter of __free_pages_boot_core
- mm: fix set pageblock migratetype in deferred struct page init
- mm: page_alloc: skip over regions of invalid pfns where possible
- module: move add_taint_module to a header file
- net/ena: change condition for host attribute configuration
- net/ena: change driver's default timeouts
- net/ena: fix NULL dereference when removing the driver after device reset failed
- net/ena: fix RSS default hash configuration
- net/ena: fix ethtool RSS flow configuration
- net/ena: fix potential access to freed memory during device reset
- net/ena: fix queues number calculation
- net/ena: reduce the severity of ena printouts
- net/ena: refactor ena_get_stats64 to be atomic context safe
- net/ena: remove ntuple filter support from device feature list
- net/ena: update driver version to 1.1.2
- net/ena: use READ_ONCE to access completion descriptors
- net/mlx4_core: Avoid command timeouts during VF driver device shutdown
- net/mlx4_core: Avoid delays during VF driver device shutdown
- net/mlx4_core: Fix racy CQ free
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
- net/mlx4_en: Fix bad WQE issue
- net: ena: Fix error return code in ena_device_init
- net: ena: Remove unnecessary pci_set_drvdata
- net: ena: change the return type of ena_set_push_mode to be void
- net: ena: remove superfluous check in ena_remove
- net: ena: use setup_timer and mod_timer
- netfilter: allow logging from non-init namespaces
- nvme: Do not suspend admin queue that wasn't created
- nvme: Suspend all queues before deletion
- ping: implement proper locking
- powerpc: Blacklist GCC 5.4 6.1 and 6.2
- rtlwifi: rtl_usb: Fix missing entry in USB driver's private data
- s390/kmsg: add missing kmsg descriptions
- s390/mm: fix zone calculation in arch_add_memory
- sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting
- scsi: do not print "reservation conflict" for TEST UNIT READY
- scsi_dh_alua: Do not modify the interval value for retries
- softirq: Let ksoftirqd do its job
- x86, mm: fix gup_pte_range vs DAX mappings
- x86/apic/uv: Silence a shift wrapping warning
- x86/ioapic: Change prototype of acpi_ioapic_add
- x86/ioapic: Fix IOAPIC failing to request resource
- x86/ioapic: Fix incorrect pointers in ioapic_setup_resources
- x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd
- x86/ioapic: Fix setup_res failing to get resource
- x86/ioapic: Ignore root bridges without a companion ACPI device
- x86/ioapic: Simplify ioapic_setup_resources
- x86/ioapic: Support hot-removal of IOAPICs present during boot
- x86/ioapic: fix kABI
- x86/mce: Do not print MCEs when mcelog is active
- x86/mce: Fix copy/paste error in exception table entries
- x86/mm/gup: Simplify get_user_pages PTE bit handling
- x86/platform/UV: Add Support for UV4 Hubless NMIs
- x86/platform/UV: Add Support for UV4 Hubless systems
- x86/platform/UV: Add basic CPU NMI health check
- x86/platform/UV: Clean up the NMI code to match current coding style
- x86/platform/UV: Clean up the UV APIC code
- x86/platform/UV: Ensure uv_system_init is called when necessary
- x86/platform/UV: Fix 2 socket config problem
- x86/platform/UV: Fix panic with missing UVsystab support
- x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source
- x86/platform/UV: Verify NMI action is valid, default is standard
- x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier
- x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access
- x86/platform: Remove warning message for duplicate NMI handlers
- x86/ras/therm_throt: Do not log a fake MCE for thermal events
- xen-blkfront: correct maximum segment accounting
- xen-blkfront: do not call talk_to_blkback when already connected to blkback
- xen-blkfront: free resources if xlvbd_alloc_gendisk fails
- xen/blkfront: Fix crash if backend does not follow the right states
- xen/netback: set default upper limit of tx/rx queues to 8
- xen/netfront: set default upper limit of tx/rx queues to 8
- xen: Use machine addresses in /sys/kernel/vmcoreinfo when PV
- xfs: do not take the IOLOCK exclusive for direct I/O page invalidation
- xgene_enet: remove bogus forward declarations

Platform:
SUSE Linux Enterprise Server 12 SP2
Product:
kernel
Reference:
SUSE-SU-2017:1183-1
CVE-2016-10200
CVE-2016-2117
CVE-2016-9191
CVE-2017-2596
CVE-2017-2671
CVE-2017-6074
CVE-2017-6214
CVE-2017-6345
CVE-2017-6346
CVE-2017-6347
CVE-2017-6353
CVE-2017-7187
CVE-2017-7261
CVE-2017-7294
CVE-2017-7308
CVE-2017-7374

© SecPod Technologies