The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device . - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device . - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference . - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor . - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device . - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup . - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device . - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device . - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device . - CVE-2017-13080: Wi-Fi Protected Access allowed reinstallation of the Group Temporal Key during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients . - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 . - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c . - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service by leveraging incorrect length validation . - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service via vectors related to setting an RHINHERIT flag on a directory . - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel doesn"t check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR . - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service by leveraging root access . - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service via simultaneous file-descriptor operations that leverage improper might_cancel queueing . - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact by changing a certain sequence-number value, aka a double fetch vulnerability . - CVE-2017-1000112: An exploitable memory corruption due to UFO to non-UFO path switch was fixed. The following non-security bugs were fixed: - alsa: core: Fix unexpected error at replacing user TLV . - alsa: hda - fix Lewisburg audio issue . - alsa: hda/ca0132 - Fix memory leak at error path . - alsa: timer: Add missing mutex lock for compat ioctls . - audit: Fix use after free in audit_remove_watch_rule . - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch . - kvm: SVM: Add a missing "break" statement . - kvm: async_pf: Fix #DF due to inject Page not Present and Page Ready exceptions simultaneously . - nfs: Cache aggressively when file is open for writing . - nfs: Do drop directory dentry when error clearly requires it . - nfs: Do not flush caches for a getattr that races with writeback . # Conflicts: # series.conf - nfs: Optimize fallocate by refreshing mapping when needed . - nfs: Remove asserts from the NFS XDR code . - nfs: invalidate file size when taking a lock . - pci: fix hotplug related issues . - Update config files. The CONFIG_MODULE_SIG_UEFI should be enabled on x86_64/xen architecture because xen can work with shim on x86_64. Enabling the following kernel config to load certificate from db/mok: +CONFIG_MODULE_SIG_BLACKLIST=y +CONFIG_MODULE_SIG_UEFI=y - af_key: do not use GFP_KERNEL in atomic contexts . - autofs: do not fail mount for transient error . - xen: avoid deadlock in xenbus . - blacklist.conf: Add PCI ASPM fix to blacklist - blkback/blktap: do not leak stack data via response ring . - bnx2x: prevent crash when accessing PTP with interface down . - cx231xx-audio: fix NULL-deref at probe . - cx82310_eth: use skb_cow_head to deal with cloned skbs . - dm bufio: fix integer overflow when limiting maximum cache size . - drm/mgag200: Fixes for G200eH3. - fnic: Use the local variable instead of I/O flag to acquire io_req_lock in fnic_queuecommand to avoid deadloack . - fuse: do not use iocb after it may have been freed . - fuse: fix fuse_write_end if zero bytes were copied . - fuse: fsync did not return IO errors . - fuse: fuse_flush must check mapping-flags for errors . - getcwd: Close race with d_move called by lustre . - gspca: konica: add missing endpoint sanity check . - i40e: Initialize 64-bit statistics TX ring seqcount . - kabi fix for new hash_cred function . - kabi/severities: Ignore zpci symbol changes - lib/mpi: mpi_read_raw_data: fix nbits calculation . - lpfc: check for valid scsi cmnd in lpfc_scsi_cmd_iocb_cmpl . - mac80211: do not compare TKIP TX MIC key in reinstall prevention . - md/bitmap: disable bitmap_resize for file-backed bitmaps . - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl . - net: Fix RCU splat in af_key . - netback: coalesce RX SKBs as needed . - nfs: Fix ugly referral attributes . - nfs: improve shinking of access cache . - powerpc/fadump: add reschedule point while releasing memory . - powerpc/fadump: avoid duplicates in crash memory ranges . - powerpc/fadump: provide a helpful error message . - powerpc/mm: Fix check of multiple 16G pages from device tree . - powerpc/prom: Increase minimum RMA size to 512MB . - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister . - powerpc/slb: Force a full SLB flush when we insert for a bad EA . - powerpc/xics: Harden xics hypervisor backend . - powerpc: Correct instruction code for xxlor instruction . - powerpc: Fix emulation of mfocrf in emulate_step . - powerpc: Fix the corrupt r3 error during MCE handling . - powerpc: Make sure IPI handlers see data written by IPI senders . - reiserfs: fix race in readdir . - s390/cpcmd,vmcp: avoid GFP_DMA allocations . - s390/pci: do not cleanup in arch_setup_msi_irqs . - s390/pci: fix handling of PEC 306 . - s390/pci: improve error handling during fmb registration . - s390/pci: improve error handling during interrupt deregistration . - s390/pci: improve pci hotplug . - s390/pci: improve unreg_ioat error handling . - s390/pci: introduce clp_get_state . - s390/pci: provide more debug information . - s390/qdio: avoid reschedule of outbound tasklet once killed . - s390/topology: alternative topology for topology-less machines . - s390/topology: enable / disable topology dynamically . - scsi: avoid system stall due to host_busy race . - scsi: close race when updating blocked counters . - scsi: qla2xxx: Get mutex lock before checking optrom_state . - scsi: reset wait for IO completion . - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records . - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers . - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA . - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records . - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled . - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response . - ser_gigaset: return -ENOMEM on error instead of success . - sunrpc: add RPCSEC_GSS hash_cred function . - sunrpc: add auth_unix hash_cred function . - sunrpc: add generic_auth hash_cred function . - sunrpc: add hash_cred function to rpc_authops struct . - sunrpc: replace generic auth_cred hash with auth-specific function . - sunrpc: use supplimental groups in auth hash . - supported.conf: clear mistaken external support flag for cifs.ko . - tpm: fix a kernel memory leak in tpm-sysfs.c . - usb-serial: check for NULL private data in pl2303_suse_disconnect . - uwb: fix device quirk on big-endian hosts . - virtio_scsi: do not call virtqueue_add_sgs holding spinlock . - x86/microcode/intel: Disable late loading on model 79 . - xfs: fix inobt inode allocation search optimization .