The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY , but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time . - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate certain levels data, which allowed local users to cause a denial of service via a crafted ioctl call for a /dev/dri/renderD* device . - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service via crafted system calls . - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted socket and send system calls . - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized kernel memory by using a crafted USB device to trigger an integer underflow. - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service by leveraging reference count mishandling. - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface . - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service or possibly have unspecified other impact by leveraging use of the accept system call . - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel did not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allowed local users to obtain sensitive address information via crafted bpf system calls . - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service by triggering EBUSY on a full queue . - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation . The following non-security bugs were fixed: - 9p: fix a potential acl leak . - acpi / APEI: Add missing synchronize_rcu on NOTIFY_SCI removal . - acpi / scan: Drop support for force_remove . - ahci: disable correct irq for dummy ports . - alsa: hda - Fix deadlock of controller device lock at unbinding . - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode . - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build . - ASoC: Intel: Skylake: Uninitialized variable in probe_codec . - ASoC: rt5640: use msleep for long delays . - ASoC: sti: Fix error handling if of_clk_get fails . - bcache: fix calling ida_simple_remove with incorrect minor . - block: copy NOMERGE flag from bio to request . - block: get rid of blk_integrity_revalidate . - bna: add missing per queue ethtool stat . - bna: avoid writing uninitialized data into hw registers . - bna: integer overflow bug in debugfs . - bnxt_en: allocate enough space for -ntp_fltr_bmap . - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal . - bonding: do not use stale speed and duplex information . - bonding: prevent out of bound accesses . - bpf, arm64: fix jit branch offset related to ldimm64 . - brcmfmac: add fallback for devices that do not report per-chain values . - brcmfmac: avoid writing channel out of allocated array . - brcmfmac: Ensure pointer correctly set if skb data location changes . - brcmfmac: Make skb header writable before use . - brcmfmac: restore stopping netdev queue when bus clogs up . - btrfs: add a flags field to btrfs_fs_info . - btrfs: add ASSERT for block group"s memory leak . - btrfs: add btrfs_trans_handle-fs_info pointer . - btrfs: add bytes_readonly to the spaceinfo at once . - btrfs: add check to sysfs handler of label . - btrfs: add dynamic debug support . - btrfs: add error handling for extent buffer in print tree . - btrfs: add missing bytes_readonly attribute file in sysfs . - btrfs: add missing check for writeback errors on fsync . - btrfs: add more validation checks for superblock . - btrfs: Add ratelimit to btrfs printing . - btrfs: add read-only check to sysfs handler of features . - btrfs: add semaphore to synchronize direct IO writes with fsync . - btrfs: add tracepoint for adding block groups . - btrfs: add tracepoints for flush events . - btrfs: add transaction space reservation tracepoints . - btrfs: add validadtion checks for chunk loading . - btrfs: add write protection to SET_FEATURES ioctl . - btrfs: allow balancing to dup with multi-device . - btrfs: always reserve metadata for delalloc extents . - btrfs: always use trans-block_rsv for orphans . - btrfs: avoid blocking open_ctree from cleaner_kthread . - btrfs: avoid deadlocks during reservations in btrfs_truncate_block . - btrfs: avoid overflowing f_bfree . - btrfs: avoid uninitialized variable warning . - btrfs: btrfs_abort_transaction, drop root parameter . - btrfs: __btrfs_buffered_write: Pass valid file offset when releasing delalloc space . - btrfs: __btrfs_buffered_write: Reserve/release extents aligned to block size . - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize . - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined . - btrfs: btrfs_ioctl_clone: Truncate complete page after performing clone operation . - btrfs: btrfs_page_mkwrite: Reserve space in sectorsized units . - btrfs: btrfs_relocate_chunk pass extent_root to btrfs_end_transaction . - btrfs: btrfs_submit_direct_hook: Handle map_length bio vector length . - btrfs: build fixup for qgroup_account_snapshot . - btrfs: change BUG_ON"s to ASSERT"s in backref_cache_cleanup . - btrfs: change delayed reservation fallback behavior . - btrfs: change how we calculate the global block rsv . - btrfs: change how we update the global block rsv . - btrfs: check btree node"s nritems . - btrfs: check if extent buffer is aligned to sectorsize . - btrfs: check inconsistence between chunk and block group . - btrfs: check reserved when deciding to background flush . - btrfs: clarify do_chunk_alloc"s return value . - btrfs: Clean pte corresponding to page straddling i_size . - btrfs: clean the old superblocks before freeing the device . - btrfs: clean up and optimize __check_raid_min_device . - btrfs: cleanup assigning next active device with a check . - btrfs: cleanup BUG_ON in merge_bio . - btrfs: Cleanup compress_file_range . - btrfs: cleanup error handling in extent_write_cached_pages . - btrfs: clear uptodate flags of pages in sys_array eb . - btrfs: clone: use vmalloc only as fallback for nodesize bufer . - btrfs: Compute and look up csums based on sectorsized blocks . - btrfs: convert nodesize macros to static inlines . - btrfs: convert printk