SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1744-1
Rating:             important
References:         #1051510 #1071995 #1094555 #1111666 #1112374 
                    #1114279 #1128432 #1134730 #1134738 #1135153 
                    #1135296 #1135642 #1136156 #1136157 #1136271 
                    #1136333 #1137103 #1137194 #1137366 #1137884 
                    #1137985 #1138263 #1138336 #1138374 #1138375 
                    #1138589 #1138681 #1138719 #1138732 
Cross-References:   CVE-2018-16871 CVE-2019-12614 CVE-2019-12817
                   
Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15-SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has 26
   fixes is now available.

Description:



   The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
   security and bugfixes.

   This update adds support for the Hygon Dhyana CPU (fate#327735).

   The following security bugs were fixed:

   - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in
     arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup
     of prop->name, which might allow an attacker to cause a denial of
     service (NULL pointer dereference and system crash) (bnc#1137194).
   - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS
     message sequence was fixed. (bnc#1137103).
   - CVE-2019-12817: On the PowerPC architecture, local attackers could
     access other users processes memory (bnc#1138263).

   The following non-security bugs were fixed:

   - 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
   - acpi: Add Hygon Dhyana support (fate#327735).
   - af_key: unconditionally clone on broadcast (bsc#1051510).
   - alsa: firewire-motu: fix destruction of data for isochronous resources
     (bsc#1051510).
   - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
   - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
   - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
   - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
   - audit: fix a memory leak bug (bsc#1051510).
   - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
   - ceph: factor out ceph_lookup_inode() (bsc#1138681).
   - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).
   - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).
   - ceph: flush dirty inodes before proceeding with remount (bsc#1138681).
   - ceph: print inode number in __caps_issued_mask debugging messages
     (bsc#1138681).
   - ceph: quota: fix quota subdir mounts (bsc#1138681).
   - ceph: remove duplicated filelock ref increase (bsc#1138681).
   - cfg80211: fix memory leak of wiphy device name (bsc#1051510).
   - cpufreq: Add Hygon Dhyana support (fate#327735).
   - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ  (fate#327735).
   - cpu/topology: Export die_id (jsc#SLE-5454).
   - Do not restrict NFSv4.2 on openSUSE (bsc#1138719).
   - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
   - drbd: disconnect, if the wrong UUIDs are attached on a connected peer
     (bsc#1051510).
   - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
   - drbd: skip spurious timeout (ping-timeo) when failing promote
     (bsc#1051510).
   - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource()
     (bsc#1136333 jsc#SLE-4994).
   - drivers: fix a typo in the kernel doc for
     devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).
   - drivers: provide devm_platform_ioremap_resource() (bsc#1136333
     jsc#SLE-4994).
   - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error
     handling path in 'rio_dma_transfer()' (bsc#1051510).
   - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
     (bsc#1051510).
   - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER
     (bsc#1051510).
   - drm: add fallback override/firmware EDID modes workaround (bsc#1111666).
   - drm/amd/display: Use plane->color_space for dpp if specified
     (bsc#1111666).
   - drm/edid: abstract override/firmware EDID retrieval (bsc#1111666).
   - drm/i915: Add new AML_ULX support list (jsc#SLE-4986).
   - drm/i915: Add new ICL PCI ID (jsc#SLE-4986).
   - drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).
   - drm/i915: Apply correct ddi translation table for AML device
     (jsc#SLE-4986).
   - drm/i915: Attach the pci match data to the device upon creation
     (jsc#SLE-4986).
   - drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986).
   - drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).
   - drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init
     (jsc#SLE-4986).
   - drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986).
   - drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986).
   - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).
   - drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy
     (jsc#SLE-4986).
   - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
   - drm/i915: Remove redundant device id from IS_IRONLAKE_M macro
     (jsc#SLE-4986).
   - drm/i915/sdvo: Implement proper HDMI audio support for SDVO
     (bsc#1051510).
   - drm/i915: Split Pineview device info into desktop and mobile
     (jsc#SLE-4986).
   - drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986).
   - drm/i915: start moving runtime device info to a separate struct
     (jsc#SLE-4986).
   - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver
     (bsc#1111666).
   - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
     (bsc#1111666).
   - drm/mediatek: clear num_pipes when unbind driver (bsc#1111666).
   - drm/mediatek: fix unbind functions (bsc#1111666).
   - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666).
   - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link
     configuration (bsc#1051510).
   - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd
     when encoders change (bsc#1111666).
   - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks
     (bsc#1111666).
   - EDAC, amd64: Add Hygon Dhyana support (fate#327735).
   - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
   - HID: wacom: Add ability to provide explicit battery status info
     (bsc#1051510).
   - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
   - HID: wacom: Add support for Pro Pen slim (bsc#1051510).
   - HID: wacom: convert Wacom custom usages to standard HID usages
     (bsc#1051510).
   - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth
     (bsc#1051510).
   - HID: wacom: Do not report anything prior to the tool entering range
     (bsc#1051510).
   - HID: wacom: Do not set tool type until we're in range (bsc#1051510).
   - HID: wacom: fix mistake in printk (bsc#1051510).
   - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510).
   - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
   - HID: wacom: generic: Leave tool in prox until it completely leaves sense
     (bsc#1051510).
   - HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
   - HID: wacom: generic: Report AES battery information (bsc#1051510).
   - HID: wacom: generic: Reset events back to zero when pen leaves
     (bsc#1051510).
   - HID: wacom: generic: Scale battery capacity measurements to percentages
     (bsc#1051510).
   - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set
     (bsc#1051510).
   - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range
     (bsc#1051510).
   - HID: wacom: generic: Support multiple tools per report (bsc#1051510).
   - HID: wacom: generic: Use generic codepath terminology in
     wacom_wac_pen_report (bsc#1051510).
   - HID: wacom: Mark expected switch fall-through (bsc#1051510).
   - HID: wacom: Move handling of HID quirks into a dedicated function
     (bsc#1051510).
   - HID: wacom: Move HID fix for AES serial number into
     wacom_hid_usage_quirk (bsc#1051510).
   - HID: wacom: Properly handle AES serial number and tool type
     (bsc#1051510).
   - HID: wacom: Queue events with missing type/serial data for later
     processing (bsc#1051510).
   - HID: wacom: Remove comparison of u8 mode with zero and simplify
     (bsc#1051510).
   - HID: wacom: Replace touch_max fixup code with static touch_max
     definitions (bsc#1051510).
   - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
     (bsc#1051510).
   - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible
     (bsc#1051510).
   - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
   - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary
     (bsc#1051510).
   - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
   - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452
     (bsc#1051510).
   - hwmon/coretemp: Cosmetic: Rename internal variables to zones from
     packages (jsc#SLE-5454).
   - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
   - hwmon: (k10temp) 27C Offset needed for Threadripper2  (FATE#327735).
   - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).
   - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics
     (FATE#327735).
   - hwmon: (k10temp) Add support for family 17h (FATE#327735).
   - hwmon: (k10temp) Add support for Stoney Ridge and Bristol  Ridge CPUs
     (FATE#327735).
   - hwmon: (k10temp) Add support for temperature offsets  (FATE#327735).
   - hwmon: (k10temp) Add temperature offset for Ryzen 1900X  (FATE#327735).
   - hwmon: (k10temp) Add temperature offset for Ryzen 2700X  (FATE#327735).
   - hwmon: (k10temp) Correct model name for Ryzen 1600X  (FATE#327735).
   - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).
   - hwmon: (k10temp) Fix reading critical temperature register
     (FATE#327735).
   - hwmon: (k10temp) Make function get_raw_temp static  (FATE#327735).
   - hwmon: (k10temp) Move chip specific code into probe function
     (FATE#327735).
   - hwmon: (k10temp) Only apply temperature offset if result is  positive
     (FATE#327735).
   - hwmon: (k10temp) Support all Family 15h Model 6xh and Model  7xh
     processors (FATE#327735).
   - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify  offset
     table (FATE#327735).
   - hwmon: (k10temp) Use API function to access System Management  Network
     (FATE#327735).
   - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs  (FATE#327735).
   - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).
   - ibmveth: Update ethtool settings to reflect virtual properties
     (bsc#1136157, LTC#177197).
   - ipv6: fib: Do not assume only nodes hold a reference on routes
     (bsc#1138732).
   - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803  FATE#327056).
   - kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730
     LTC#173388).
   - kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042
     bsc#1134730 LTC#173388).
   - kabi/severities: Whitelist airq_iv_* (s390-specific)
   - kABI workaround for asus-wmi changes (bsc#1051510).
   - kABI workaround for the new pci_dev.skip_bus_pm field addition
     (bsc#1051510).
   - kabi: x86/topology: Add CPUID.1F multi-die/package support
     (jsc#SLE-5454).
   - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
   - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID
     (bsc#1114279).
   - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d
     (bsc#1114279).
   - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
   - mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
   - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
   - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers     (bsc#1051510).
   - mmc: mmci: Prevent polling for busy detection in IRQ context
     (bsc#1051510).
   - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
     (bsc#1051510).
   - module: Fix livepatch/ftrace module text permissions race  (bsc#1071995
     fate#323487).
   - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).
   - nl80211: fix station_info pertid memory leak (bsc#1051510).
   - {nl,mac}80211: allow 4addr AP operation on crypto controlled devices
     (bsc#1051510).
   - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
   - nvmem: core: fix read buffer in place (bsc#1051510).
   - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
   - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us
     (bsc#1051510).
   - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support
     (bsc#1051510).
   - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
   - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
   - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function
     (bsc#1051510).
   - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
   - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
   - nvmem: imx-ocotp: Update module description (bsc#1051510).
   - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
   - nvme: skip nvme_update_disk_info() if the controller is not live
     (bsc#1128432).
   - PCI: Disable VF decoding before pcibios_sriov_disable() updates
     resources (jsc#SLE-5803).
   - PCI/IOV: Add flag so platforms can skip VF scanning  (jsc#SLE-5803
     FATE#327056).
   - PCI/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056).
   - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
   - perf tools: Add Hygon Dhyana support (fate#327735).
   - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
   - perf/x86/intel/rapl: Cosmetic rename internal variables in response to
     multi-die/pkg support (jsc#SLE-5454).
   - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
   - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg
     support (jsc#SLE-5454).
   - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
   - platform/chrome: cros_ec_proto: check for NULL transfer function
     (bsc#1051510).
   - platform_data/mlxreg: Add capability field to core platform data
     (bsc#1112374).
   - platform_data/mlxreg: additions for Mellanox watchdog driver
     (bsc#1112374).
   - platform_data/mlxreg: Document fixes for core platform data
     (bsc#1112374).
   - platform/mellanox: Add new ODM system types to mlx-platform
     (bsc#1112374).
   - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc
     (bsc#1136333 jsc#SLE-4994).
   - platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow
     (bsc#1111666).
   - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys
     from asus_nb_wmi (bsc#1051510).
   - platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Add Package cstates residency info
     (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226).
   - platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown
     (jsc#SLE-5226).
   - platform/x86: mlx-platform: Add ASIC hotplug device configuration
     (bsc#1112374).
   - platform/x86: mlx-platform: Add definitions for new registers     (bsc#1112374).
   - platform/x86: mlx-platform: Add extra CPLD for next generation systems
     (bsc#1112374).
   - platform/x86: mlx-platform: Add LED platform driver activation
     (bsc#1112374).
   - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation
     (bsc#1112374).
   - platform/x86: mlx-platform: Add mlxreg-io platform driver activation
     (bsc#1112374).
   - platform/x86: mlx-platform: Add mlx-wdt platform driver activation
     (bsc#1112374).
   - platform/x86: mlx-platform: Add support for fan capability registers     (bsc#1112374).
   - platform/x86: mlx-platform: Add support for fan direction register
     (bsc#1112374).
   - platform/x86: mlx-platform: Add support for new VMOD0007 board name
     (bsc#1112374).
   - platform/x86: mlx-platform: Add support for tachometer speed register
     (bsc#1112374).
   - platform/x86: mlx-platform: Add UID LED for the next generation systems
     (bsc#1112374).
   - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more
     systems (bsc#1112374).
   - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new
     systems (bsc#1112374).
   - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x
     systems (bsc#1112374).
   - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).
   - platform/x86: mlx-platform: Fix access mode for fan_dir attribute
     (bsc#1112374).
   - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init()
     (bsc#1112374).
   - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).
   - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device
     registration (bsc#1051510).
   - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).
   - platform/x86: mlx-platform: Remove unused define (bsc#1112374).
   - platform/x86: mlx-platform: Rename new systems product names
     (bsc#1112374).
   - PM / core: Propagate dev->power.wakeup_path when no callbacks
     (bsc#1051510).
   - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
   - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
   - powercap/intel_rapl: Update RAPL domain name and debug messages
     (jsc#SLE-5454).
   - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
     (bsc#1138374, LTC#178199).
   - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375,
     LTC#178204).
   - powerpc/pseries/mobility: prevent cpu hotplug during DT update
     (bsc#1138374, LTC#178199).
   - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
     (bsc#1138374, LTC#178199).
   - power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
   - power: supply: sysfs: prevent endless uevent loop with
     CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
   - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
   - qmi_wwan: add network device usage statistics for qmimux devices
     (bsc#1051510).
   - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
   - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
   - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode
     (bsc#1051510).
   - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
   - rapidio: fix a NULL pointer dereference when create_workqueue() fails
     (bsc#1051510).
   - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
   - RAS/CEC: Fix binary search function (bsc#1114279).
   - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).
   - Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire
     laptops" (bsc#1051510).
   - Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen
     enters range" (bsc#1051510).
   - Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)."
     This broke the build with older gcc instead.
   - s390/airq: provide cacheline aligned ivs (jsc#SLE-5789  FATE#327042
     bsc#1134730 LTC#173388).
   - s390/airq: recognize directed interrupts (jsc#SLE-5789  FATE#327042
     bsc#1134730 LTC#173388).
   - s390/dasd: fix using offset into zero size array error (bsc#1051510).
   - s390: enable processes for mio instructions (jsc#SLE-5802  FATE#327055
     bsc#1134738 LTC#173387).
   - s390/ism: move oddities of device IO to wrapper function  (jsc#SLE-5802
     FATE#327055 bsc#1134738 LTC#173387).
   - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
   - s390/pci: add parameter to disable usage of MIO instructions
     (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387).
   - s390/pci: add parameter to force floating irqs (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: clarify interrupt vector usage (jsc#SLE-5789  FATE#327042
     bsc#1134730 LTC#173388).
   - s390/pci: fix assignment of bus resources (jsc#SLE-5802  FATE#327055
     bsc#1134738 LTC#173387).
   - s390/pci: fix struct definition for set PCI function  (jsc#SLE-5802
     FATE#327055 bsc#1134738 LTC#173387).
   - s390/pci: gather statistics for floating vs directed irqs  (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).
   - s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).
   - s390/pci: mark command line parser data __initdata (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: move io address mapping code to pci_insn.c  (jsc#SLE-5802
     FATE#327055 bsc#1134738 LTC#173387).
   - s390/pci: provide support for CPU directed interrupts  (jsc#SLE-5789
     FATE#327042 bsc#1134730 LTC#173388).
   - s390/pci: provide support for MIO instructions (jsc#SLE-5802
     FATE#327055 bsc#1134738 LTC#173387).
   - s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730
     LTC#173388).
   - s390/pci: remove unused define (jsc#SLE-5789 FATE#327042  bsc#1134730
     LTC#173388).
   - s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).
   - s390/protvirt: add memory sharing for diag 308 set/store  (jsc#SLE-5759
     FATE#327003 bsc#1135153 LTC#173151).
   - s390/protvirt: block kernel command line alteration  (jsc#SLE-5759
     FATE#327003 bsc#1135153 LTC#173151).
   - s390/qeth: fix race when initializing the IP address table (bsc#1051510).
   - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
     (bsc#1051510).
   - s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042  bsc#1134730
     LTC#173388).
   - s390/setup: fix early warning messages (bsc#1051510).
   - s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042
     bsc#1134730 LTC#173388).
   - s390/uv: introduce guest side ultravisor code (jsc#SLE-5759  FATE#327003
     bsc#1135153 LTC#173151).
   - s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
   - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
   - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: fix an uninitialized read and dereference of pointer dev
     (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712
     bsc#1136156).
   - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).
   - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712
     bsc#1136156).
   - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver
     (bsc#1136271).
   - scsi: megaraid_sas: correct an info message (bsc#1136271).
   - scsi: megaraid_sas: driver version update (bsc#1136271).
   - scsi: megaraid_sas: Retry reads of outbound_intr_status reg
     (bsc#1136271).
   - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).
   - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).
   - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD
     (bsc#1136271).
   - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
   - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
   - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
   - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from
     port_remove (bsc#1051510).
   - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
     (bsc#1051510).
   - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
     devices (bsc#1051510).
   - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only
     sdevs) (bsc#1051510).
   - serial: sh-sci: disable DMA for uart_console (bsc#1051510).
   - SMB3: Fix endian warning (bsc#1137884).
   - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
     (bsc#1051510).
   - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
   - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
     (bsc#1051510).
   - spi: Fix zero length xfer bug (bsc#1051510).
   - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
   - spi: spi-fsl-spi: call spi_finalize_current_message() at the end
     (bsc#1051510).
   - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
   - spi: tegra114: reset controller on probe (bsc#1051510).
   - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)
   - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
   - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to
     zones from packages (jsc#SLE-5454).
   - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
   - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
   - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
   - tools/cpupower: Add Hygon Dhyana support (fate#327735).
   - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
   - topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
   - tty: max310x: Fix external crystal register setup (bsc#1051510).
   - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
   - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
   - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
   - vfio: ccw: only free cp on final interrupt (bsc#1051510).
   - video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
   - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
   - virtio_console: initialize vtermno value for ports (bsc#1051510).
   - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
   - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
   - x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).
   - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).
   - x86/amd_nb: Check vendor in AMD-only functions (fate#327735).
   - x86/apic: Add Hygon Dhyana support (fate#327735).
   - x86/bugs: Add Hygon Dhyana to the respective mitigation  machinery
     (fate#327735).
   - x86/cpu: Add Icelake model number (jsc#SLE-5226).
   - x86/cpu/amd: Do not force the CPB cap when running under a hypervisor
     (bsc#1114279).
   - x86/cpu: Create Hygon Dhyana architecture support file  (fate#327735).
   - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
   - x86/cpufeatures: Combine word 11 and 12 into a new scattered features
     word (jsc#SLE-5382).
   - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions
     (jsc#SLE-5382).
   - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana
     (fate#327735).
   - x86/cpu/hygon: Fix phys_proc_id calculation logic for multi-die
     processors ().
   - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number  (fate#327735).
   - x86/events: Add Hygon Dhyana support to PMU infrastructure
     (fate#327735).
   - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).
   - x86/mce: Add Hygon Dhyana support to the MCA infrastructure
     (fate#327735).
   - x86/mce: Do not disable MCA banks when offlining a CPU on AMD
     (fate#327735).
   - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
   - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback
     (bsc#1114279).
   - x86/microcode: Fix microcode hotplug state (bsc#1114279).
   - x86/microcode: Fix the ancient deprecated microcode loading method
     (bsc#1114279).
   - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
     (bsc#1114279).
   - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and  northbridge
     (fate#327735).
   - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on  Dhyana
     (fate#327735).
   - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
   - x86/speculation/mds: Revert CPU buffer clear on double fault exit
     (bsc#1114279).
   - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
   - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
   - x86/topology: Define topology_die_id() (jsc#SLE-5454).
   - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
   - x86/umip: Make the UMIP activated message generic (bsc#1138336).
   - x86/umip: Print UMIP line only once (bsc#1138336).
   - x86/xen: Add Hygon Dhyana support to Xen (fate#327735).
   - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die
     processors (fate#327735).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1



Package List:

   - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):

      kernel-default-debuginfo-4.12.14-197.7.1
      kernel-default-debugsource-4.12.14-197.7.1
      kernel-default-livepatch-4.12.14-197.7.1
      kernel-default-livepatch-devel-4.12.14-197.7.1
      kernel-livepatch-4_12_14-197_7-default-1-3.3.1


References:

   https://www.suse.com/security/cve/CVE-2018-16871.html
   https://www.suse.com/security/cve/CVE-2019-12614.html
   https://www.suse.com/security/cve/CVE-2019-12817.html
   https://bugzilla.suse.com/1051510
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1094555
   https://bugzilla.suse.com/1111666
   https://bugzilla.suse.com/1112374
   https://bugzilla.suse.com/1114279
   https://bugzilla.suse.com/1128432
   https://bugzilla.suse.com/1134730
   https://bugzilla.suse.com/1134738
   https://bugzilla.suse.com/1135153
   https://bugzilla.suse.com/1135296
   https://bugzilla.suse.com/1135642
   https://bugzilla.suse.com/1136156
   https://bugzilla.suse.com/1136157
   https://bugzilla.suse.com/1136271
   https://bugzilla.suse.com/1136333
   https://bugzilla.suse.com/1137103
   https://bugzilla.suse.com/1137194
   https://bugzilla.suse.com/1137366
   https://bugzilla.suse.com/1137884
   https://bugzilla.suse.com/1137985
   https://bugzilla.suse.com/1138263
   https://bugzilla.suse.com/1138336
   https://bugzilla.suse.com/1138374
   https://bugzilla.suse.com/1138375
   https://bugzilla.suse.com/1138589
   https://bugzilla.suse.com/1138681
   https://bugzilla.suse.com/1138719
   https://bugzilla.suse.com/1138732

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2019:1744-1 important: the Linux Kernel

July 4, 2019
An update that solves three vulnerabilities and has 26 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. This update adds support for the Hygon Dhyana CPU (fate#327735). The following security bugs were fixed: - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103). - CVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263). The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi: Add Hygon Dhyana support (fate#327735). - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: fir...

Read the Full Advisory

References

#1051510 #1071995 #1094555 #1111666 #1112374

#1114279 #1128432 #1134730 #1134738 #1135153

#1135296 #1135642 #1136156 #1136157 #1136271

#1136333 #1137103 #1137194 #1137366 #1137884

#1137985 #1138263 #1138336 #1138374 #1138375

#1138589 #1138681 #1138719 #1138732

Cross- CVE-2018-16871 CVE-2019-12614 CVE-2019-12817

Affected Products:

SUSE Linux Enterprise Module for Live Patching 15-SP1

https://www.suse.com/security/cve/CVE-2018-16871.html

https://www.suse.com/security/cve/CVE-2019-12614.html

https://www.suse.com/security/cve/CVE-2019-12817.html

https://bugzilla.suse.com/1051510

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1094555

https://bugzilla.suse.com/1111666

https://bugzilla.suse.com/1112374

https://bugzilla.suse.com/1114279

https://bugzilla.suse.com/1128432

https://bugzilla.suse.com/1134730

https...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2019:1744-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved