The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service via crafted epoll_ctl calls . - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request . - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls . - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service via a crafted PPPIOCSMAXCID ioctl call . - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service via a value that was smaller than the minimum compliant value or larger than the MTU of an interface, as demonstrated by a Router Advertisement message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 . - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c . - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application . - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend . - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device"s state, allowing for DoS . - CVE-2015-8569: The pptp_bind and pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application . - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application . - CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel attempted to merge distinct setattr operations, which allowed local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application . - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service via a crafted sctp_accept call . - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service via a writev system call that triggers a zero length for the first segment of an iov . - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call . - CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution . The following non-security bugs were fixed: - ACPI: Introduce apic_id in struct processor to save parsed APIC id . - ACPI: Make it possible to get local x2apic id via _MAT . - ACPI: use apic_id and remove duplicated _MAT evaluation . - ACPICA: Correctly cleanup after a ACPI table load failure . - Add sd_mod to initrd modules. For some reason PowerVM backend can"t work without sd_mod - Do not modify perf bias performance setting by default at boot . - Documentation: Document kernel.panic_on_io_nmi sysctl . - Driver for IBM System i/p VNIC protocol - Drop blktap patches from SLE12, since the driver is unsupported - Improve fairness when locking the per-superblock s_anon list . - Input: aiptek - fix crash on detecting device without endpoints . - NFSD: Do not start lockd when only NFSv4 is running - NFSv4: Recovery of recalled read delegations is broken . - Replace with 176bed1d vmstat: explicitly schedule per-cpu work on the CPU we need it to run on - Revert "ipv6: add complete rcu protection around np->opt" . - Revert 874bbfe60 workqueue: make sure delayed work run in local cpu 1. Without 22b886dd, 874bbfe60 leads to timer corruption. 2. With 22b886dd applied, victim of 1 reports performance regression