The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that was mishandled during error processing . - CVE-2017-5576: Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call . - CVE-2017-5577: The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel did not set an errno value upon certain overflow detections, which allowed local users to cause a denial of service via inconsistent size values in a VC4_SUBMIT_CL ioctl call . - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. - CVE-2017-2583: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel improperly emulated a MOV SS, NULL selector instruction, which allowed guest OS users to cause a denial of service or gain guest OS privileges via a crafted application . - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt . - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states there is no kernel bug here . - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated . - CVE-2017-5897: fixed a bug in the Linux kernel IPv6 implementation which allowed remote attackers to trigger an out-of-bounds access, leading to a denial-of-service attack . - CVE-2017-5970: Fixed a possible denial-of-service that could have been triggered by sending bad IP options on a socket . - CVE-2017-5986: an application could have triggered a BUG_ON in sctp_wait_for_sndbuf if the socket TX buffer was full, a thread was waiting on it to queue more data, and meanwhile another thread peeled off the association being used by the first thread . The following non-security bugs were fixed: - 8250: fintek: rename IRQ_MODE macro . - acpi: nfit, libnvdimm: fix / harden ars_status output length handling . - acpi: nfit: fix bus vs dimm confusion in xlat_status . - acpi: nfit: validate ars_status output buffer size . - arm64: numa: fix incorrect log for memory-less node . - asoc: cht_bsw_rt5645: Fix leftover kmalloc . - asoc: rt5670: add HS ground control . - bcache: Make gc wakeup sane, remove set_task_state . - bcache: partition support: add 16 minors per bcacheN device . - blk-mq: Allow timeouts to run while queue is freezing . - blk-mq: Always schedule hctx-next_cpu . - blk-mq: Avoid memory reclaim when remapping queues . - blk-mq: Fix failed allocation path when mapping queues . - blk-mq: do not overwrite rq-mq_ctx . - blk-mq: improve warning for running a queue on the wrong CPU . - block: Change extern inline to static inline . - bluetooth: btmrvl: fix hung task warning dump . - bnx2x: Correct ringparam estimate when DOWN . - brcmfmac: Change error print on wlan0 existence . - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT . - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl . - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls . - btrfs: fix inode leak on failure to setup whiteout inode in rename . - btrfs: fix lockdep warning about log_mutex . - btrfs: fix lockdep warning on deadlock against an inode"s log mutex . - btrfs: fix number of transaction units for renames with whiteout . - btrfs: increment ctx-pos for every emitted or skipped dirent in readdir . - btrfs: incremental send, fix invalid paths for rename operations . - btrfs: incremental send, fix premature rmdir operations . - btrfs: pin log earlier when renaming . - btrfs: pin logs earlier when doing a rename exchange operation . - btrfs: remove old tree_root dirent processing in btrfs_real_readdir . - btrfs: send, add missing error check for calls to path_loop . - btrfs: send, avoid incorrect leaf accesses when sending utimes operations . - btrfs: send, fix failure to move directories with the same name around . - btrfs: send, fix invalid leaf accesses due to incorrect utimes operations . - btrfs: send, fix warning due to late freeing of orphan_dir_info structures . - btrfs: test_check_exists: Fix infinite loop when searching for free space entries . - btrfs: unpin log if rename operation fails . - btrfs: unpin logs if rename exchange operation fails . - ceph: fix bad endianness handling in parse_reply_info_extra . - clk: xgene: Add PMD clock . - clk: xgene: Do not call __pa on ioremaped address . - clk: xgene: Remove CLK_IS_ROOT . - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 - config: enable Ceph kernel client modules for ppc64le - config: enable Ceph kernel client modules for s390x - crypto: FIPS - allow tests to be disabled in FIPS mode . - crypto: drbg - do not call drbg_instantiate in healt test . - crypto: drbg - remove FIPS 140-2 continuous test . - crypto: qat - fix bar discovery for c62x . - crypto: qat - zero esram only for DH85x devices . - crypto: rsa - allow keys = 2048 bits in FIPS mode . - crypto: xts - consolidate sanity check for keys . - crypto: xts - fix compile errors . - cxl: fix potential NULL dereference in free_adapter . - dax: fix deadlock with DAX 4k holes . - dax: fix device-dax region base . - device-dax: check devm_nsio_enable return value . - device-dax: fail all private mapping attempts . - device-dax: fix percpu_ref_exit ordering . - driver core: fix race between creating/querying glue dir and its cleanup . - drivers: hv: Introduce a policy for controlling channel affinity. - drivers: hv: balloon: Add logging for dynamic memory operations. - drivers: hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not set. - drivers: hv: balloon: Fix info request to show max page count. - drivers: hv: balloon: Use available memory value in pressure report. - drivers: hv: balloon: account for gaps in hot add regions. - drivers: hv: balloon: keep track of where ha_region starts. - drivers: hv: balloon: replace ha_region_mutex with spinlock. - drivers: hv: cleanup vmbus_open for wrap around mappings. - drivers: hv: do not leak memory in vmbus_establish_gpadl. - drivers: hv: get rid of id in struct vmbus_channel. - drivers: hv: get rid of redundant messagecount in create_gpadl_header. - drivers: hv: get rid of timeout in vmbus_open. - drivers: hv: make VMBus bus ids persistent. - drivers: hv: ring_buffer: count on wrap around mappings in get_next_pkt_raw . - drivers: hv: ring_buffer: use wrap around mappings in hv_copy{from, to}_ringbuffer. - drivers: hv: ring_buffer: wrap around mappings for ring buffers. - drivers: hv: utils: Check VSS daemon is listening before a hot backup. - drivers: hv: utils: Continue to poll VSS channel after handling requests. - drivers: hv: utils: Fix the mapping between host version and protocol to use. - drivers: hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout. - drivers: hv: vmbus: Base host signaling strictly on the ring state. - drivers: hv: vmbus: Enable explicit signaling policy for NIC channels. - drivers: hv: vmbus: Implement a mechanism to tag the channel for low latency. - drivers: hv: vmbus: Make mmio resource local. - drivers: hv: vmbus: On the read path cleanup the logic to interrupt the host. - drivers: hv: vmbus: On write cleanup the logic to interrupt the host. - drivers: hv: vmbus: Reduce the delay between retries in vmbus_post_msg. - drivers: hv: vmbus: finally fix hv_need_to_signal_on_read. - drivers: hv: vmbus: fix the race when querying and updating the percpu list. - drivers: hv: vmbus: suppress some hv_vmbus: Unknown GUID warnings. - drivers: hv: vss: Improve log messages. - drivers: hv: vss: Operation timeouts should match host expectation. - drivers: net: phy: mdio-xgene: Add hardware dependency . - drivers: net: phy: xgene: Fix "remove" function . - drivers: net: xgene: Add change_mtu function . - drivers: net: xgene: Add flow control configuration . - drivers: net: xgene: Add flow control initialization . - drivers: net: xgene: Add helper function . - drivers: net: xgene: Add support for Jumbo frame . - drivers: net: xgene: Configure classifier with pagepool . - drivers: net: xgene: Fix MSS programming . - drivers: net: xgene: fix build after change_mtu function change . - drivers: net: xgene: fix: Coalescing values for v2 hardware . - drivers: net: xgene: fix: Disable coalescing on v1 hardware . - drivers: net: xgene: fix: RSS for non-TCP/UDP . - drivers: net: xgene: fix: Use GPIO to get link status . - drivers: net: xgene: uninitialized variable in xgene_enet_free_pagepool . - drm: Delete previous two fixes for i915 . These upstream fixes brought some regressions, so better to revert for now. - drm: Disable patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The patch seems leading to the instability on Wyse box . - drm: Fix broken VT switch with video=1366x768 option . - drm: Use u64 for intermediate dotclock calculations . - drm: i915: Do not init hpd polling for vlv and chv from runtime_suspend . - drm: i915: Fix PCODE polling during CDCLK change notification . - drm: i915: Fix watermarks for VLV/CHV . - drm: i915: Force VDD off on the new power seqeuencer before starting to use it . - drm: i915: Mark CPU cache as dirty when used for rendering . - drm: i915: Mark i915_hpd_poll_init_work as static . - drm: i915: Prevent PPS stealing from a normal DP port on VLV/CHV . - drm: i915: Prevent enabling hpd polling in late suspend . - drm: i915: Restore PPS HW state from the encoder resume hook . - drm: i915: Workaround for DP DPMS D3 on Dell monitor . - drm: vc4: Fix an integer overflow in temporary allocation layout . - drm: vc4: Return -EINVAL on the overflow checks failing . - drm: virtio-gpu: get the fb from the plane state for atomic updates . - edac: xgene: Fix spelling mistake in error messages . - efi: libstub: Move Graphics Output Protocol handling to generic code . - fbcon: Fix vc attr at deinit . - fs: nfs: avoid including mountproto= with no protocol in /proc/mounts . - gpio: xgene: make explicitly non-modular . - hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels. - hv: change clockevents unbind tactics. - hv: do not reset hv_context.tsc_page on crash. - hv_netvsc: Add handler for physical link speed change. - hv_netvsc: Add query for initial physical link speed. - hv_netvsc: Implement batching of receive completions. - hv_netvsc: Revert make inline functions static. - hv_netvsc: Revert report vmbus name in ethtool. - hv_netvsc: add ethtool statistics for tx packet issues. - hv_netvsc: count multicast packets received. - hv_netvsc: dev hold/put reference to VF. - hv_netvsc: fix a race between netvsc_send and netvsc_init_buf. - hv_netvsc: fix comments. - hv_netvsc: fix rtnl locking in callback. - hv_netvsc: improve VF device matching. - hv_netvsc: init completion during alloc. - hv_netvsc: make RSS hash key static. - hv_netvsc: make device_remove void. - hv_netvsc: make inline functions static. - hv_netvsc: make netvsc_destroy_buf void. - hv_netvsc: make variable local. - hv_netvsc: rearrange start_xmit. - hv_netvsc: refactor completion function. - hv_netvsc: remove VF in flight counters. - hv_netvsc: remove excessive logging on MTU change. - hv_netvsc: report vmbus name in ethtool. - hv_netvsc: simplify callback event code. - hv_netvsc: style cleanups. - hv_netvsc: use ARRAY_SIZE for NDIS versions. - hv_netvsc: use RCU to protect vf_netdev. - hv_netvsc: use consume_skb. - hv_netvsc: use kcalloc. - hyperv: Fix spelling of HV_UNKOWN. - i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while holding the punit semaphore . - i2c: designware: Implement support for SMBus block read and write . - i2c: designware: fix wrong Tx/Rx FIFO for ACPI . - i2c: xgene: Fix missing code of DTB support . - i40e: Be much more verbose about what we can and cannot offload . - ibmveth: calculate gso_segs for large packets . - ibmveth: check return of skb_linearize in ibmveth_start_xmit . - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc . - ibmveth: set correct gso_size and gso_type . - igb: Workaround for igb i210 firmware issue . - igb: add i211 to i210 PHY workaround . - input: i8042: Trust firmware a bit more when probing on X86 . - intel_idle: Add KBL support . - ip6_gre: fix ip6gre_err invalid reads . - ipc: msg, make msgrcv work with LONG_MIN . - iwlwifi: Expose the default fallback ucode API to module info . - kgraft: iscsi-target: Do not block kGraft in iscsi_np kthread . - kgraft: xen: Do not block kGraft in xenbus kthread . - libnvdimm: pfn: fix align attribute . - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc . - md linear: fix a race between linear_add and linear_congested . - md-cluster: convert the completion to wait queue. - md-cluster: protect md_find_rdev_nr_rcu with rcu lock. - md: ensure md devices are freed before module is unloaded . - md: fix refcount problem on mddev when stopping array . - misc: genwqe: ensure zero initialization. - mm: do not loop on GFP_REPEAT high order requests if there is no reclaim progress . - mm: memcg: do not retry precharge charges . - mm: page_alloc: fix check for NULL preferred_zone . - mm: page_alloc: fix fast-path race with cpuset update or removal . - mm: page_alloc: fix premature OOM when racing with cpuset mems update . - mm: page_alloc: keep pcp count and list contents in sync if struct page is corrupted . - mm: page_alloc: move cpuset seqcount checking to slowpath . - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for sdhci-arasan4.9a . - mwifiex: add missing check for PCIe8997 chipset . - mwifiex: fix IBSS data path issue . - mwifiex: fix PCIe register information for 8997 chipset . - net: af_iucv: do not use paged skbs for TX on HiperSockets . - net: ethernet: apm: xgene: use phydev from struct net_device . - net: ethtool: Initialize buffer when querying device channel settings . - net: hyperv: avoid uninitialized variable. - net: implement netif_cond_dbg macro . - net: remove useless memset"s in drivers get_stats64 . - net: xgene: avoid bogus maybe-uninitialized warning . - net: xgene: fix backward compatibility fix . - net: xgene: fix error handling during reset . - net: xgene: move xgene_cle_ptree_ewdn data off stack . - netvsc: Remove mistaken udp.h inclusion. - netvsc: add rcu_read locking to netvsc callback. - netvsc: fix checksum on UDP IPV6. - netvsc: reduce maximum GSO size. - nfit: fail DSMs that return non-zero status by default . - nfsv4: Cap the transport reconnection timer at 1/2 lease period . - nfsv4: Cleanup the setting of the nfs4 lease period . - nvdimm: kabi protect nd_cmd_out_size . - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too . - ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock . - pci: Add devm_request_pci_bus_resources . - pci: generic: Fix pci_remap_iospace failure path . - pci: hv: Allocate physically contiguous hypercall params buffer. - pci: hv: Fix hv_pci_remove for hot-remove. - pci: hv: Handle hv_pci_generic_compl error case. - pci: hv: Handle vmbus_sendpacket failure in hv_compose_msi_msg. - pci: hv: Make unnecessarily global IRQ masking functions static. - pci: hv: Remove the unused "wrk" in struct hv_pcibus_device. - pci: hv: Use list_move_tail instead of list_del + list_add_tail. - pci: hv: Use pci_function_description in struct definitions. - pci: hv: Use the correct buffer size in new_pcichild_device. - pci: hv: Use zero-length array in struct pci_packet. - pci: include header file . - pci: xgene: Add local struct device pointers . - pci: xgene: Add register accessors . - pci: xgene: Free bridge resource list on failure . - pci: xgene: Make explicitly non-modular . - pci: xgene: Pass struct xgene_pcie_port to setup functions . - pci: xgene: Remove unused platform data . - pci: xgene: Request host bridge window resources . - perf: xgene: Remove bogus IS_ERR check . - phy: xgene: rename enum phy_mode to enum xgene_phy_mode . - power: reset: xgene-reboot: Unmap region obtained by of_iomap . - powerpc: fadump: Fix the race in crash_fadump . - qeth: check not more than 16 SBALEs on the completion queue . - raid1: Fix a regression observed during the rebuilding of degraded MDRAID VDs . - raid1: ignore discard error . - reiserfs: fix race in prealloc discard . - rpm: kernel-binary.spec.in: Export a make-stderr.log file - rpm: kernel-binary.spec.in: Fix installation of /etc/uefi/certs - rtc: cmos: Clear ACPI-driven alarms upon resume . - rtc: cmos: Do not enable interrupts in the middle of the interrupt handler . - rtc: cmos: Restore alarm after resume . - rtc: cmos: avoid unused function warning . - s390: Fix invalid domain response handling . - s390: cpuinfo: show maximum thread id . - s390: sysinfo: show partition extended name and UUID if available . - s390: time: LPAR offset handling . - s390: time: move PTFF definitions . - sched: Allow hotplug notifiers to be setup early . - sched: Make wake_up_nohz_cpu handle CPUs going offline . - sched: core, x86/topology: Fix NUMA in package topology bug . - sched: core: Fix incorrect utilization accounting when switching to fair class . - sched: core: Fix set_user_nice . - sched: cputime: Add steal time support to full dynticks CPU time accounting . - sched: cputime: Fix prev steal time accouting during CPU hotplug . - sched: deadline: Always calculate end of period on sched_yield . - sched: deadline: Fix a bug in dl_overflow . - sched: deadline: Fix lock pinning warning during CPU hotplug . - sched: deadline: Fix wrap-around in DL heap . - sched: fair: Avoid using decay_load_missed with a negative value . - sched: fair: Fix fixed point arithmetic width for shares and effective load . - sched: fair: Fix load_above_capacity fixed point arithmetic width . - sched: fair: Fix min_vruntime tracking . - sched: fair: Fix the wrong throttled clock time for cfs_rq_clock_task . - sched: fair: Improve PELT stuff some more . - sched: rt, sched/dl: Do not push if task"s scheduling class was changed . - sched: rt: Fix PI handling vs. sched_setscheduler . - sched: rt: Kick RT bandwidth timer immediately on start up . - scsi: Add "AIX VDASD" to blacklist . - scsi: Modify HITACHI OPEN-V blacklist entry . - scsi: bfa: Increase requested firmware version to 3.2.5.1 . - scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels. - scsi_dh_alua: uninitialized variable in alua_rtpg . - sctp: avoid BUG_ON on sctp_wait_for_sndbuf . - sd: always scan VPD pages if thin provisioning is enabled . - serial: 8250: Integrate Fintek into 8250_base . Update config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly, too. Also, the corresponding entry got removed from supported.conf. - serial: 8250_fintek: fix the mismatched IRQ mode . - serial: Update metadata for serial fixes - ses: Fix SAS device detection in enclosure . - sfc: reduce severity of PIO buffer alloc failures . - sfc: refactor debug-or-warnings printks . - sunrpc: Fix reconnection timeouts . - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout . - supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail - supported.conf: delete xilinx/ll_temac - target: add XCOPY target/segment desc sense codes . - target: bounds check XCOPY segment descriptor list . - target: bounds check XCOPY total descriptor list length . - target: check XCOPY segment descriptor CSCD IDs . - target: check for XCOPY parameter truncation . - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense . - target: simplify XCOPY wwn-se_dev lookup helper . - target: support XCOPY requests without parameters . - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense . - target: use XCOPY segment descriptor CSCD IDs . - tools: hv: Enable network manager for bonding scripts on RHEL. - tools: hv: fix a compile warning in snprintf. - tools: hv: kvp: configurable external scripts path. - tools: hv: kvp: ensure kvp device fd is closed on exec. - tools: hv: remove unnecessary header files and netlink related code. - tools: hv: remove unnecessary link flag. - tty: n_hdlc, fix lockdep false positive . - uvcvideo: uvc_scan_fallback for webcams with broken chain . - vmbus: make sysfs names consistent with PCI. - x86: MCE: Dump MCE to dmesg if no consumers . - x86: hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic. - xfs: don"t allow di_size with high bit set . - xfs: exclude never-released buffers from buftarg I/O accounting . - xfs: fix broken multi-fsb buffer logging . - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 . - xfs: fix up xfs_swap_extent_forks inline extent handling . - xfs: track and serialize in-flight async buffers against unmount . - xfs: track and serialize in-flight async buffers against unmount - kABI .