ID CVE-2018-8043
Summary The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Linux Kernel 4.15.8
    cpe:2.3:o:linux:linux_kernel:4.15.8
CVSS
Base: 2.1
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1173-1.NASL
    description The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 109647
    published 2018-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109647
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3619-1.NASL
    description Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807) Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862) It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204) It was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518) It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026) It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332) Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333) Fan Long Fei discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344) It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492) It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-07-26
    plugin id 108842
    published 2018-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108842
    title Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3630-2.NASL
    description USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 109313
    published 2018-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109313
    title Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerability (USN-3630-2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-CF76003E1F.NASL
    description The 4.15.9 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 108428
    published 2018-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108428
    title Fedora 27 : kernel (2018-cf76003e1f)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-BF60EC1389.NASL
    description The 4.15.9 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 108427
    published 2018-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108427
    title Fedora 26 : kernel (2018-bf60ec1389)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1048-1.NASL
    description The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 109310
    published 2018-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109310
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1048-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3632-1.NASL
    description It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807) It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026) It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332) Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333) Fan Long Fei discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344) It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-04-24
    plugin id 109316
    published 2018-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109316
    title Ubuntu 16.04 LTS : linux-azure vulnerabilities (USN-3632-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0135.NASL
    description An update of 'linux', 'linux-esx' packages of Photon OS has been released.
    last seen 2018-09-02
    modified 2018-08-17
    plugin id 111937
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111937
    title Photon OS 1.0: Linux PHSA-2018-1.0-0135
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1173-2.NASL
    description The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-23
    modified 2018-10-22
    plugin id 118252
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118252
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-2)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-377.NASL
    description The openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). The following non-security bugs were fixed : - acpica: Add header support for TPM2 table changes (bsc#1084452). - acpica: Add support for new SRAT subtable (bsc#1085981). - acpica: iasl: Update to IORT SMMUv3 disassembling (bsc#1085981). - acpi/IORT: numa: Add numa node mapping for smmuv3 devices (bsc#1085981). - acpi, numa: fix pxm to online numa node associations (bnc#1012382). - acpi / PMIC: xpower: Fix power_table addresses (bnc#1012382). - acpi/processor: Fix error handling in __acpi_processor_start() (bnc#1012382). - acpi/processor: Replace racy task affinity logic (bnc#1012382). - agp/intel: Flush all chipset writes after updating the GGTT (bnc#1012382). - ahci: Add pci-id for the Highpoint Rocketraid 644L card (bnc#1012382). - alsa: aloop: Fix access to not-yet-ready substream via cable (bnc#1012382). - alsa: aloop: Sync stale timer before release (bnc#1012382). - alsa: firewire-digi00x: handle all MIDI messages on streaming packets (bnc#1012382). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: hda: add dock and led support for HP EliteBook 820 G3 (bnc#1012382). - alsa: hda: add dock and led support for HP ProBook 640 G2 (bnc#1012382). - alsa: hda/realtek - Always immediately update mute LED with pin VREF (bnc#1012382). - alsa: hda/realtek - Fix dock line-out volume on Dell Precision 7520 (bnc#1012382). - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda - Revert power_save option default value (git-fixes). - alsa: pcm: Fix UAF in snd_pcm_oss_get_formats() (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - alsa: usb-audio: Fix parsing descriptor of UAC2 processing unit (bnc#1012382). - apparmor: Make path_max parameter readonly (bnc#1012382). - arm64: Add missing Falkor part number for branch predictor hardening (bsc#1068032). - arm64 / cpuidle: Use new cpuidle macro for entering retention state (bsc#1084328). - arm64: mm: do not write garbage into TTBR1_EL1 register (bsc#1085487). - arm: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER (bnc#1012382). - arm: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP (bnc#1012382). - arm: dts: Adjust moxart IRQ controller and flags (bnc#1012382). - arm: dts: am335x-pepper: Fix the audio CODEC's reset pin (bnc#1012382). - arm: dts: exynos: Correct Trats2 panel reset line (bnc#1012382). - arm: dts: koelsch: Correct clock frequency of X2 DU clock input (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: dts: omap3-n900: Fix the audio CODEC's reset pin (bnc#1012382). - arm: dts: r8a7790: Correct parent of SSI[0-9] clocks (bnc#1012382). - arm: dts: r8a7791: Correct parent of SSI[0-9] clocks (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - asoc: rcar: ssi: do not set SSICR.CKDV = 000 with SSIWSR.CONT (bnc#1012382). - ath10k: disallow DFS simulation if DFS channel is not enabled (bnc#1012382). - ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382). - ath10k: update tdls teardown state to target (bnc#1012382). - ath: Fix updating radar flags for coutry code India (bnc#1012382). - batman-adv: handle race condition for claims between gateways (bnc#1012382). - bcache: do not attach backing with duplicate UUID (bnc#1012382). - blkcg: fix double free of new_blkg in blkcg_init_queue (bnc#1012382). - blk-throttle: make sure expire time isn't too big (bnc#1012382). - block: do not assign cmd_flags in __blk_rq_prep_clone (bsc#1088087). - block-mq: stop workqueue items in blk_mq_stop_hw_queue() (bsc#1084967). - bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bnc#1012382). - bluetooth: hci_qca: Avoid setup failure on missing rampatch (bnc#1012382). - bnx2x: Align RX buffers (bnc#1012382). - bonding: refine bond_fold_stats() wrap detection (bnc#1012382). - bpf: fix incorrect sign extension in check_alu_op() (bnc#1012382). - bpf: skip unnecessary capability check (bnc#1012382). - bpf, x64: implement retpoline for tail call (bnc#1012382). - bpf, x64: increase number of passes (bnc#1012382). - braille-console: Fix value returned by _braille_console_setup (bnc#1012382). - brcmfmac: fix P2P_DEVICE ethernet address generation (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: alloc_chunk: fix DUP stripe size handling (bnc#1012382). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bnc#1012382). - btrfs: improve delayed refs iterations (bsc#1076033). - btrfs: incremental send, fix invalid memory access (git-fixes). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - btrfs: send, fix file hole not being preserved due to inline extent (bnc#1012382). - can: cc770: Fix queue stall & dropped RTR reply (bnc#1012382). - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bnc#1012382). - can: cc770: Fix use after free in cc770_tx_interrupt() (bnc#1012382). - ceph: only dirty ITER_IOVEC pages for direct read (bsc#1084898). - clk: bcm2835: Protect sections updating shared registers (bnc#1012382). - clk: ns2: Correct SDIO bits (bnc#1012382). - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bnc#1012382). - clk: si5351: Rename internal plls to avoid name collisions (bnc#1012382). - coresight: Fix disabling of CoreSight TPIU (bnc#1012382). - coresight: Fixes coresight DT parse to get correct output port ID (bnc#1012382). - cpufreq: Fix governor module removal race (bnc#1012382). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - cpufreq/sh: Replace racy task affinity logic (bnc#1012382). - cpuidle: Add new macro to enter a retention idle state (bsc#1084328). - cros_ec: fix nul-termination for firmware build info (bnc#1012382). - crypto: cavium - fix memory leak on info (bsc#1086518). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dccp: check sk for closed state in dccp_sendmsg() (bnc#1012382). - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped (bnc#1012382). - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (bnc#1012382). - dm: Always copy cmd_flags when cloning a request (bsc#1088087). - driver: (adm1275) set the m,b and R coefficients correctly for power (bnc#1012382). - drm: Allow determining if current task is output poll worker (bnc#1012382). - drm/amdgpu/dce: Do not turn off DP sink when disconnected (bnc#1012382). - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) (bnc#1012382). - drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012382). - drm/amdgpu: fix KV harvesting (bnc#1012382). - drm/amdgpu: Notify sbios device ready before send request (bnc#1012382). - drm/amdkfd: Fix memory leaks in kfd topology (bnc#1012382). - drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) (bnc#1012382). - drm/edid: set ELD connector type in drm_edid_to_eld() (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - drm/msm: fix leak in failed get_pages (bnc#1012382). - drm/nouveau: Fix deadlock on runtime suspend (bnc#1012382). - drm/nouveau/kms: Increase max retries in scanout position queries (bnc#1012382). - drm/omap: DMM: Check for DMM readiness after successful transaction commit (bnc#1012382). - drm: qxl: Do not alloc fbdev if emulation is not supported (bnc#1012382). - drm/radeon: Do not turn off DP sink when disconnected (bnc#1012382). - drm/radeon: Fail fb creation from imported dma-bufs (bnc#1012382). - drm/radeon: Fix deadlock on runtime suspend (bnc#1012382). - drm/radeon: fix KV harvesting (bnc#1012382). - drm: udl: Properly check framebuffer mmap offsets (bnc#1012382). - drm/vmwgfx: Fix a destoy-while-held mutex problem (bnc#1012382). - drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: fix timing for 82579 Gigabit Ethernet controller (bnc#1012382). - e1000e: Remove Other from EIAC (bsc#1075428). - EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL (git-fixes 3286d3eb906c). - ext4: inplace xattr block update fails to deduplicate blocks (bnc#1012382). - f2fs: relax node version check for victim data in gc (bnc#1012382). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fixup: sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - fs/aio: Add explicit RCU grace period when freeing kioctx (bnc#1012382). - fs/aio: Use RCU accessors for kioctx_table->table[] (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - fs: Teach path_connected to handle nfs filesystems with multiple roots (bnc#1012382). - genirq: Track whether the trigger type has been set (git-fixes). - genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs (bnc#1012382). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hid: clamp input to logical range if no null state (bnc#1012382). - hid: reject input outside logical range only if null state is set (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - hv_balloon: fix bugs in num_pages_onlined accounting (fate#323887). - hv_balloon: fix printk loglevel (fate#323887). - hv_balloon: simplify hv_online_page()/hv_page_online_one() (fate#323887). - i2c: i2c-scmi: add a MS HID (bnc#1012382). - i2c: xlp9xx: Check for Bus state before every transfer (bsc#1084310). - i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310). - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly (bsc#1060799). - i2c: xlp9xx: return ENXIO on slave address NACK (bsc#1060799). - i40e: Acquire NVM lock before reads on all devices (bnc#1012382). - ia64: fix module loading for gcc-5.4 (bnc#1012382). - IB/ipoib: Avoid memory leak if the SA returns a different DGID (bnc#1012382). - IB/ipoib: Update broadcast object if PKey value was changed in index 0 (bnc#1012382). - IB/mlx4: Change vma from shared to private (bnc#1012382). - IB/mlx4: Take write semaphore when changing the vma struct (bnc#1012382). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - IB/umem: Fix use of npages/nmap fields (bnc#1012382). - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (bnc#1012382). - iio: st_pressure: st_accel: Initialise sensor platform data properly (bnc#1012382). - iio: st_pressure: st_accel: pass correct platform data to init (git-fixes). - ima: relax requiring a file signature for new files with zero length (bnc#1012382). - infiniband/uverbs: Fix integer overflows (bnc#1012382). - input: matrix_keypad - fix race when disabling interrupts (bnc#1012382). - input: qt1070 - add OF device ID table (bnc#1012382). - input: tsc2007 - check for presence and power down tsc2007 during probe (bnc#1012382). - iommu/omap: Register driver before setting IOMMU ops (bnc#1012382). - iommu/vt-d: clean up pr_irq if request_threaded_irq fails (bnc#1012382). - ip6_vti: adjust vti mtu according to mtu of lower device (bnc#1012382). - ipmi: do not probe ACPI devices if si_tryacpi is unset (bsc#1060799). - ipmi: Fix the I2C address extraction from SPMI tables (bsc#1060799). - ipmi_ssif: Fix logic around alert handling (bsc#1060799). - ipmi_ssif: remove redundant null check on array client->adapter->name (bsc#1060799). - ipmi_ssif: unlock on allocation failure (bsc#1060799). - ipmi:ssif: Use i2c_adapter_id instead of adapter->nr (bsc#1060799). - ipmi: Use the proper default value for register size in ACPI (bsc#1060799). - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response (bnc#1012382). - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (bnc#1012382). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - ipvlan: add L2 check for packets arriving via virtual devices (bnc#1012382). - irqchip/gic-v3-its: Add ACPI NUMA node mapping (bsc#1085981). - irqchip/gic-v3-its: Allow GIC ITS number more than MAX_NUMNODES (bsc#1085981). - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bnc#1012382). - irqchip/gic-v3-its: Remove ACPICA version check for ACPI NUMA (bsc#1085981). - kbuild: disable clang's default use of -fmerge-all-constants (bnc#1012382). - kbuild: Handle builtin dtb file names containing hyphens (bnc#1012382). - kprobes/x86: Fix kprobe-booster not to boost far call instructions (bnc#1012382). - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline (git-fixes). - kprobes/x86: Set kprobes pages read-only (bnc#1012382). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1086499). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1086499). - kvm: arm/arm64: vgic: Do not populate multiple LRs with the same vintid (bsc#1086499). - kvm: arm/arm64: vgic-its: Check result of allocation before use (bsc#). - kvm: arm/arm64: vgic-its: Preserve the revious read from the pending table (bsc#1086499). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1086499). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - kvm: nVMX: fix nested tsc scaling (bsc1087999). - kvm: PPC: Book3S PR: Exit KVM on failed mapping (bnc#1012382). - kvm/x86: fix icebp instruction handling (bnc#1012382). - l2tp: do not accept arbitrary sockets (bnc#1012382). - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs (bnc#1012382). - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bnc#1012382). - libata: disable LPM for Crucial BX100 SSD 500GB drive (bnc#1012382). - libata: Enable queued TRIM for Samsung SSD 860 (bnc#1012382). - libata: fix length validation of ATAPI-relayed SCSI commands (bnc#1012382). - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions (bnc#1012382). - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version (bnc#1012382). - libata: remove WARN() for DMA or PIO command without data (bnc#1012382). - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it (bnc#1012382). - loop: Fix lost writes caused by missing flag (bnc#1012382). - lpfc: update version to 11.4.0.7-1 (bsc#1085383). - mac80211: do not parse encrypted management frames in ieee80211_frame_acked (bnc#1012382). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED (bnc#1012382). - mac80211: remove BUG() when interface type is invalid (bnc#1012382). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - md/raid10: skip spare disk as 'first' disk (bnc#1012382). - md/raid10: wait up frozen array in handle_write_completed (bnc#1012382). - md/raid6: Fix anomily when recovering a single device in RAID6 (bnc#1012382). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382). - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt (bnc#1012382). - media: cpia2: Fix a couple off by one bugs (bnc#1012382). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media/dvb-core: Race condition when writing to CAM (bnc#1012382). - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock (bnc#1012382). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mfd: palmas: Reset the POWERHOLD mux during power off (bnc#1012382). - mmc: avoid removing non-removable hosts during suspend (bnc#1012382). - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs (bnc#1012382). - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a (bnc#1012382). - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() (bnc#1012382). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mm/vmalloc: add interfaces to free unmapped page table (bnc#1012382). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - mt7601u: check return value of alloc_skb (bnc#1012382). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bnc#1012382). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bnc#1012382). - mtip32xx: use runtime tag to initialize command header (bnc#1012382). - net/8021q: create device with all possible features in wanted_features (bnc#1012382). - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (bnc#1012382). - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (bnc#1012382). - net/faraday: Add missing include of of.h (bnc#1012382). - net: fec: Fix unbalanced PM runtime calls (bnc#1012382). - netfilter: add back stackpointer size checks (bnc#1012382). - netfilter: bridge: ebt_among: add missing match size checks (bnc#1012382). - netfilter: IDLETIMER: be syzkaller friendly (bnc#1012382). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (bnc#1012382). - netfilter: nat: cope with negative port range (bnc#1012382). - netfilter: use skb_to_full_sk in ip_route_me_harder (bnc#1012382). - netfilter: x_tables: fix missing timer initialization in xt_LED (bnc#1012382). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382). - net: Fix hlist corruptions in inet_evict_bucket() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: ipv6: send unsolicited NA after DAD (git-fixes). - net: ipv6: send unsolicited NA on admin up (bnc#1012382). - net/iucv: Free memory obtained by kzalloc (bnc#1012382). - netlink: avoid a double skb free in genlmsg_mcast() (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - net: Only honor ifindex in IP_PKTINFO if non-0 (bnc#1012382). - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (bnc#1012382). - net: xfrm: allow clearing socket xfrm policies (bnc#1012382). - nfc: nfcmrvl: double free on error path (bnc#1012382). - nfc: nfcmrvl: Include unaligned.h instead of access_ok.h (bnc#1012382). - nfsd4: permit layoutget of executable-only files (bnc#1012382). - nfs: Fix an incorrect type in struct nfs_direct_req (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - nospec: Include dependency (bnc#1012382). - nvme: do not send keep-alive frames during reset (bsc#1084223). - nvme: do not send keep-alives to the discovery controller (bsc#1086607). - nvme: expand nvmf_check_if_ready checks (bsc#1085058). - nvme/rdma: do no start error recovery twice (bsc#1084967). - nvmet_fc: prevent new io rqsts in possible isr completions (bsc#1083574). - of: fix of_device_get_modalias returned length when truncating buffers (bnc#1012382). - openvswitch: Delete conntrack entry clashing with an expectation (bnc#1012382). - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (bsc#1075428). - pci: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bnc#1012382). - pci: Add pci_reset_function_locked() (bsc#1084889). - pci: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices (bsc#1084914). - pci: Avoid FLR for Intel 82579 NICs (bsc#1084889). - pci: Avoid slot reset if bridge itself is broken (bsc#1084918). - pci: Export pcie_flr() (bsc#1084889). - pci: hv: Fix 2 hang issues in hv_compose_msi_msg() (fate#323887, bsc#1087659, bsc#1087906). - pci: hv: Fix a comment typo in _hv_pcifront_read_config() (fate#323887, bsc#1087659). - pci: hv: Only queue new work items in hv_pci_devices_present() if necessary (fate#323887, bsc#1087659). - pci: hv: Remove the bogus test in hv_eject_device_work() (fate#323887, bsc#1087659). - pci: hv: Serialize the present and eject work items (fate#323887, bsc#1087659). - pci: Mark Haswell Power Control Unit as having non-compliant BARs (bsc#1086015). - pci/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() (bnc#1012382). - pci: Probe for device reset support during enumeration (bsc#1084889). - pci: Protect pci_error_handlers->reset_notify() usage with device_lock() (bsc#1084889). - pci: Protect restore with device lock to be consistent (bsc#1084889). - pci: Remove __pci_dev_reset() and pci_dev_reset() (bsc#1084889). - pci: Remove redundant probes for device reset support (bsc#1084889). - pci: Wait for up to 1000ms after FLR reset (bsc#1084889). - perf inject: Copy events when reordering events in pipe mode (bnc#1012382). - perf probe: Return errno when not hitting any event (bnc#1012382). - perf session: Do not rely on evlist in pipe mode (bnc#1012382). - perf sort: Fix segfault with basic block 'cycles' sort dimension (bnc#1012382). - perf tests kmod-path: Do not fail if compressed modules are not supported (bnc#1012382). - perf tools: Make perf_event__synthesize_mmap_events() scale (bnc#1012382). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bnc#1012382). - perf/x86/intel/uncore: Fix multi-domain pci CHA enumeration bug on Skylake servers (bsc#1086357). - pinctrl: Really force states during suspend/resume (bnc#1012382). - platform/chrome: Use proper protocol transfer function (bnc#1012382). - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (bnc#1012382). - posix-timers: Protect posix clock array access against speculation (bnc#1081358). - power: supply: pda_power: move from timer to delayed_work (bnc#1012382). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - pty: cancel pty slave port buf's work in tty_release (bnc#1012382). - pwm: tegra: Increase precision in PWM rate calculation (bnc#1012382). - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: Use after free in qed_rdma_free() (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qeth: repair SBAL elements calculation (bnc#1085507, LTC#165484). - qlcnic: fix unchecked return value (bnc#1012382). - rcutorture/configinit: Fix build directory error message (bnc#1012382). - rdma/cma: Use correct size when writing netlink stats (bnc#1012382). - rdma/core: do not use invalid destination in determining port reuse (fate#321231 fate#321473 fate#322153 fate#322149). - rdma/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() (bnc#1012382). - rdma/mlx5: Fix integer overflow while resizing CQ (bnc#1012382). - rdma/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bnc#1012382). - rdma/ucma: Check that user does not overflow QP state (bnc#1012382). - rdma/ucma: Fix access to non-initialized CM_ID object (bnc#1012382). - rdma/ucma: Limit possible option size (bnc#1012382). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regulator: anatop: set default voltage selector for pcie (bnc#1012382). - reiserfs: Make cancel_old_flush() reliable (bnc#1012382). - Revert 'ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux' (bnc#1012382). - Revert 'e1000e: Separate signaling for link check/link up' (bsc#1075428). - Revert 'genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs' (bnc#1012382). - Revert 'ipvlan: add L2 check for packets arriving via virtual devices' (reverted in upstream). - Revert 'led: core: Fix brightness setting when setting delay_off=0' (bnc#1012382). - rndis_wlan: add return value validation (bnc#1012382). - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs (bnc#1012382). - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382). - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled (bnc#1012382). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bnc#1088324, LTC#166470). - s390/mm: fix race on mm->context.flush_mm (bnc#1088324, LTC#166470). - s390/mm: no local TLB flush for clearing-by-ASCE IDTE (bnc#1088324, LTC#166470). - s390/qeth: apply takeover changes when mode is toggled (bnc#1085507, LTC#165490). - s390/qeth: do not apply takeover changes to RXIP (bnc#1085507, LTC#165490). - s390/qeth: fix double-free on IP add/remove race (bnc#1085507, LTC#165491). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix IP address lookup for L3 devices (bnc#1085507, LTC#165491). - s390/qeth: fix IP removal on offline cards (bnc#1085507, LTC#165491). - s390/qeth: fix SETIP command handling (bnc#1012382). - s390/qeth: free netdevice when removing a card (bnc#1012382). - s390/qeth: improve error reporting on IP add/removal (bnc#1085507, LTC#165491). - s390/qeth: lock IP table while applying takeover changes (bnc#1085507, LTC#165490). - s390/qeth: lock read device while queueing next buffer (bnc#1012382). - s390/qeth: on channel error, reject further cmd requests (bnc#1012382). - s390/qeth: update takeover IPs after configuration change (bnc#1085507, LTC#165490). - s390/qeth: when thread completes, wake up all waiters (bnc#1012382). - sched: act_csum: do not mangle TCP and UDP GSO packets (bnc#1012382). - sched: Stop resched_cpu() from sending IPIs to offline CPUs (bnc#1012382). - sched: Stop switched_to_rt() from sending IPIs to offline CPUs (bnc#1012382). - scsi: core: scsi_get_device_flags_keyed(): Always return device flags (bnc#1012382). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1012382). - scsi: dh: add new rdac devices (bnc#1012382). - scsi: lpfc: Add missing unlock in WQ full logic (bsc#1085383). - scsi: lpfc: Code cleanup for 128byte wqe data type (bsc#1085383). - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command (bsc#1085383). - scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383). - scsi: lpfc: Fix SCSI lun discovery when port configured for both SCSI and NVME (bsc#1085383). - scsi: lpfc: Memory allocation error during driver start-up on power8 (bsc#1085383). - scsi: mac_esp: Replace bogus memory barrier with spinlock (bnc#1012382). - scsi: sg: check for valid direction before starting the request (bnc#1012382). - scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382). - scsi: sg: fix static checker warning in sg_is_valid_dxfer (bnc#1012382). - scsi: sg: only check for dxfer_len greater than 256M (bnc#1012382 bsc#1064206). - scsi: virtio_scsi: always read VPD pages for multiqueue too (git-fixes). - scsi: virtio_scsi: Always try to read VPD pages (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - selftests/x86: Add tests for the STR and SLDT instructions (bnc#1012382). - selftests/x86: Add tests for User-Mode Instruction Prevention (bnc#1012382). - selftests/x86/entry_from_vm86: Add test cases for POPF (bnc#1012382). - selftests/x86/entry_from_vm86: Exit with 1 if we fail (bnc#1012382). - selinux: check for address length in selinux_socket_bind() (bnc#1012382). - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device (bnc#1012382). - serial: sh-sci: prevent lockup on full TTY buffers (bnc#1012382). - skbuff: Fix not waking applications when errors are enqueued (bnc#1012382). - sm501fb: do not return zero on failure path in sm501fb_start() (bnc#1012382). - solo6x10: release vb2 buffers in solo_stop_streaming() (bnc#1012382). - spi: dw: Disable clock after unregistering the host (bnc#1012382). - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer (bnc#1012382). - spi: sun6i: disable/unprepare clocks on remove (bnc#1012382). - staging: android: ashmem: Fix lockdep issue during llseek (bnc#1012382). - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl (bnc#1012382). - staging: comedi: fix comedi_nsamples_left (bnc#1012382). - staging: lustre: ptlrpc: kfree used instead of kvfree (bnc#1012382). - staging: ncpfs: memory corruption in ncp_read_kernel() (bnc#1012382). - staging: speakup: Replace BUG_ON() with WARN_ON() (bnc#1012382). - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y (bnc#1012382). - staging: wilc1000: add check for kmalloc allocation failure (bnc#1012382). - staging: wilc1000: fix unchecked return value (bnc#1012382). - Subject: af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085507, LTC#165135). - sysrq: Reset the watchdog timers while displaying high-resolution timers (bnc#1012382). - tcm_fileio: Prevent information leak for short reads (bnc#1012382). - tcp: remove poll() flakes with FastOpen (bnc#1012382). - tcp: sysctl: Fix a race to avoid unexpected 0 window from space (bnc#1012382). - team: Fix double free in error path (bnc#1012382). - test_firmware: fix setting old custom fw path back on exit (bnc#1012382). - time: Change posix clocks ops interfaces to use timespec64 (bnc#1012382). - timers, sched_clock: Update timeout for clock wrap (bnc#1012382). - tools/usbip: fixes build with musl libc toolchain (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm/tpm_crb: Use start method value from ACPI table directly (bsc#1084452). - tracing: probeevent: Fix to support minus offset from symbol (bnc#1012382). - tty/serial: atmel: add new version check for usart (bnc#1012382). - tty: vt: fix up tabstops properly (bnc#1012382). - uas: fix comparison for error code (bnc#1012382). - ubi: Fix race condition between ubi volume creation and udev (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - usb: Do not print a warning if interface driver rebind is deferred at resume (bsc#1087211). - usb: dwc2: Make sure we disconnect the gadget state (bnc#1012382). - usb: gadget: bdc: 64-bit pointer capability check (bnc#1012382). - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() (bnc#1012382). - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bnc#1012382). - usb: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bnc#1012382). - usb: quirks: add control message delay for 1b1c:1b20 (bnc#1012382). - usb: storage: Add JMicron bridge 152d:2567 to unusual_devs.h (bnc#1012382). - usb: usbmon: Read text within supplied buffer size (bnc#1012382). - usb: usbmon: remove assignment from IS_ERR argument (bnc#1012382). - veth: set peer GSO values (bnc#1012382). - vgacon: Set VGA struct resource types (bnc#1012382). - video: ARM CLCD: fix dma allocation size (bnc#1012382). - video: fbdev: udlfb: Fix buffer on stack (bnc#1012382). - video/hdmi: Allow 'empty' HDMI infoframes (bnc#1012382). - vxlan: vxlan dev should inherit lowerdev's gso_max_size (bnc#1012382). - wan: pc300too: abort path on failure (bnc#1012382). - watchdog: hpwdt: Check source of NMI (bnc#1012382). - watchdog: hpwdt: fix unused variable warning (bnc#1012382). - watchdog: hpwdt: SMBIOS check (bnc#1012382). - wil6210: fix memory access violation in wil_memcpy_from/toio_32 (bnc#1012382). - workqueue: Allow retrieval of current task's work struct (bnc#1012382). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/boot/64: Verify alignment of the LOAD segment (bnc#1012382). - x86/build/64: Force the linker to use 2MB page size (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86: i8259: export legacy_pic symbol (bnc#1012382). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/MCE: Serialize sysfs changes (bnc#1012382). - x86/mm: Fix vmalloc_fault to use pXd_large (bnc#1012382). - x86/mm: implement free pmd/pte page interfaces (bnc#1012382). - x86/module: Detect and skip invalid relocations (bnc#1012382). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382). - x86/vm86/32: Fix POPF emulation (bnc#1012382). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610).
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 109103
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109103
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-377)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3630-1.NASL
    description It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-08-31
    plugin id 109312
    published 2018-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109312
    title Ubuntu 17.10 : linux, linux-raspi2 vulnerability (USN-3630-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3619-2.NASL
    description USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807) Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862) It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204) It was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518) It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026) It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5332) Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333) Fan Long Fei discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344) It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492) It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-26
    plugin id 108878
    published 2018-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108878
    title Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)
refmap via4
misc
sectrack 1040749
ubuntu
  • USN-3619-1
  • USN-3619-2
  • USN-3630-1
  • USN-3630-2
  • USN-3632-1
Last major update 10-03-2018 - 17:29
Published 10-03-2018 - 17:29
Last modified 09-05-2018 - 21:29
Back to Top