[SUSE-SU-2015:2167-1] Security update for kernel-source-rt
Security update for kernel-source-rt
The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to version
3.0.101.rt130-45.1 to receive various security and bugfixes.
Following security bugs were fixed:
* CVE-2015-6252: Possible file descriptor leak for each
VHOST_SET_LOG_FDcommand issued, this could eventually wasting available
system resources and creating a denial of service (bsc#942367).
* CVE-2015-5707: Possible integer overflow in the calculation of total
number of pages in bio_map_user_iov() (bsc#940338).
* CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in
the Linux kernel before 4.0.6 do not properly consider yielding a
processor, which allowed remote attackers to cause a denial of service
(system hang) via incorrect checksums within a UDP packet flood
(bnc#936831).
* CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in
the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return
values, which allowed remote attackers to cause a denial of service
(EPOLLET epoll application read outage) via an incorrect checksum in a
UDP packet, a different vulnerability than CVE-2015-5364 (bnc#936831).
* CVE-2015-1420: Race condition in the handle_to_path function in
fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to
bypass intended size restrictions and trigger read operations on
additional memory locations by changing the handle_bytes value of a
file handle during the execution of this function (bnc#915517).
* CVE-2015-4700: The bpf_int_jit_compile function in
arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed
local users to cause a denial of service (system crash) by creating a
packet filter and then loading crafted BPF instructions that trigger
late convergence by the JIT compiler (bnc#935705).
* CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the
Linux kernel before 4.1.6 does not initialize a certain bitmap data
structure, which allows local users to obtain sensitive information
from kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994)
The following non-security bugs were fixed:
- Btrfs: be aware of btree inode write errors to avoid fs corruption
(bnc#942350).
- Btrfs: be aware of btree inode write errors to avoid fs corruption
(bnc#942404).
- Btrfs: check if previous transaction aborted to avoid fs corruption
(bnc#942350).
- Btrfs: check if previous transaction aborted to avoid fs corruption
(bnc#942404).
- Btrfs: deal with convert_extent_bit errors to avoid fs corruption
(bnc#942350).
- Btrfs: deal with convert_extent_bit errors to avoid fs corruption
(bnc#942404).
- Btrfs: fix hang when failing to submit bio of directIO (bnc#942688).
- Btrfs: fix memory corruption on failure to submit bio for direct IO
(bnc#942688).
- Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).
- DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938).
- DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in
encoders (v2) (bsc#942938).
- DRM/i915: Get rid if the 'hotplug_supported_mask' in struct
drm_i915_private (bsc#942938).
- DRM/i915: Remove i965_hpd_irq_setup (bsc#942938).
- DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938).
- CIFS: Fix missing crypto allocation (bnc#937402).
- IB/core: Fix mismatch between locked and pinned pages (bnc#937855).
- IB/iser: Add Discovery support (bsc#923002).
- IB/iser: Move informational messages from error to info level
(bsc#923002).
- SCSI: Moved iscsi kabi patch to patches.kabi (bsc#923002)
- SCSI: kabi: allow iscsi disocvery session support (bsc#923002).
- SCSI: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).
- SCSI: fix scsi_error_handler vs. scsi_host_dev_release race
(bnc#942204).
- SCSI: scsi_error: add missing case statements in
scsi_decide_disposition() (bsc#920733).
- SCSI: scsi_transport_iscsi: Exporting new attrs for iscsi session and
connection in sysfs (bsc#923002).
- NFSD: Fix nfsv4 opcode decoding error (bsc#935906).
- NFSv4: Minor cleanups for nfs4_handle_exception and
nfs4_async_handle_error (bsc#939910).
- New patches: patches.fixes/hrtimer-Prevent-timer-interrupt-DoS.patch
- PCI: Disable Bus Master only on kexec reboot (bsc#920110).
- PCI: Disable Bus Master unconditionally in pci_device_shutdown()
(bsc#920110).
- PCI: Do not try to disable Bus Master on disconnected PCI devices
(bsc#920110).
- PCI: Lock down register access when trusted_kernel is true (bnc#884333,
bsc#923431).
- PCI: disable Bus Master on PCI device shutdown (bsc#920110).
- Set hostbyte status in scsi_check_sense() (bsc#920733).
- USB: xhci: Reset a halted endpoint immediately when we encounter a
stall (bnc#933721).
- USB: xhci: do not start a halted endpoint before its new dequeue is set
(bnc#933721).
- apparmor: fix file_permission if profile is updated (bsc#917968).
- drm/cirrus: do not attempt to acquire a reservation while in an
interrupt handler (bsc#935572).
- drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).
- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).
- drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)
(bsc#942938).
- drm/i915: Add bit field to record which pins have received HPD events
(v3) (bsc#942938).
- drm/i915: Add messages useful for HPD storm detection debugging (v2)
(bsc#942938).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt
(bsc#942938).
- drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)
(bsc#942938).
- drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch
platforms (bsc#942938).
- drm/i915: Enable hotplug interrupts after querying hw capabilities
(bsc#942938).
- drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).
- drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).
- drm/i915: Make hpd arrays big enough to avoid out of bounds access
(bsc#942938).
- drm/i915: Mask out the HPD irq bits before setting them individually
(bsc#942938).
- drm/i915: Only print hotplug event message when hotplug bit is set
(bsc#942938).
- drm/i915: Only reprobe display on encoder which has received an HPD
event (v2) (bsc#942938).
- drm/i915: Queue reenable timer also when enable_hotplug_processing is
false (bsc#942938).
- drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).
- drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()
(bsc#942938).
- drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets
(bsc#942938).
- drm/i915: assert_spin_locked for pipestat interrupt enable/disable
(bsc#942938).
- drm/i915: clear crt hotplug compare voltage field before setting
(bsc#942938).
- drm/i915: close tiny race in the ilk pcu even interrupt setup
(bsc#942938).
- drm/i915: fix hotplug event bit tracking (bsc#942938).
- drm/i915: fix hpd interrupt register locking (bsc#942938).
- drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock
(bsc#942938).
- drm/i915: fix locking around ironlake_enable|disable_display_irq
(bsc#942938).
- drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler
(bsc#942938).
- drm/i915: fold the no-irq check into intel_hpd_irq_handler
(bsc#942938).
- drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).
- drm/i915: implement ibx_hpd_irq_setup (bsc#942938).
- drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/
(bsc#942938).
- drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).
- ehci-pci: enable interrupt on BayTrail (bnc926007).
- exec: kill the unnecessary mm->def_flags setting in
load_elf_binary() (bnc#891116).
- ext3: Fix data corruption in inodes with journalled data (bsc#936637).
- fanotify: Fix deadlock with permission events (bsc#935053).
- fork: reset mm->pinned_vm (bnc#937855).
- hrtimer: prevent timer interrupt DoS (bnc#886785).
- hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES
(bnc#930092).
- hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
- hv_storvsc: use small sg_tablesize on x86 (bnc#937256).
- ibmveth: Add GRO support (bsc#935055).
- ibmveth: Add support for Large Receive Offload (bsc#935055).
- ibmveth: Add support for TSO (bsc#935055).
- ibmveth: add support for TSO6.
- ibmveth: change rx buffer default allocation for CMO (bsc#935055).
- igb: do not reuse pages with pfmemalloc flag fix (bnc#920016).
- inotify: Fix nested sleeps in inotify_read() (bsc#940925).
- iommu/amd: Fix memory leak in free_pagetable (bsc#935866).
- iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).
- ipv6: probe routes asynchronous in rt6_probe (bsc#936118).
- ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned
(bsc#927355).
- kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch
(bnc#920016).
- kabi: wrapper include file with GENKSYMS check to avoid kabi change
(bsc920110).
- kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).
- kernel: do full redraw of the 3270 screen on reconnect (bnc#943477,
LTC#129509).
- libiscsi: Exporting new attrs for iscsi session and connection in sysfs
(bsc#923002).
- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).
- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485).
- mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
- mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM
Performance).
- mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620).
- mm, thp: fix collapsing of hugepages on madvise (VM Functionality).
- mm, thp: only collapse hugepages to nodes with affinity for
zone_reclaim_mode (VM Functionality, bnc#931620).
- mm, thp: really limit transparent hugepage allocation to local node (VM
Performance, bnc#931620).
- mm, thp: respect MPOL_PREFERRED policy with non-local node (VM
Performance, bnc#931620).
- mm/hugetlb: check for pte NULL pointer in __page_check_address()
(bnc#929143).
- mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM
Performance, bnc#931620).
- mm/thp: allocate transparent hugepages on local node (VM Performance,
bnc#931620).
- mm: make page pfmemalloc check more robust (bnc#920016).
- mm: restrict access to slab files under procfs and sysfs (bnc#936077).
- mm: thp: khugepaged: add policy for finding target node (VM
Functionality, bnc#931620).
- net/mlx4_core: Do not disable SRIOV if there are active VFs
(bsc#927355).
- net: Fix 'ip rule delete table 256' (bsc#873385).
- net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference
(bsc#867362).
- net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
- netfilter: nf_conntrack_proto_sctp: minimal multihoming support
(bsc#932350).
- nfsd: support disabling 64bit dir cookies (bnc#937503).
- pagecache limit: Do not skip over small zones that easily (bnc#925881).
- pagecache limit: add tracepoints (bnc#924701).
- pagecache limit: export debugging counters via /proc/vmstat
(bnc#924701).
- pagecache limit: fix wrong nr_reclaimed count (bnc#924701).
- pagecache limit: reduce starvation due to reclaim retries (bnc#925903).
- pci: Add SRIOV helper function to determine if VFs are assigned to
guest (bsc#927355).
- pci: Add flag indicating device has been assigned by KVM (bnc#777565).
- pci: Add flag indicating device has been assigned by KVM (bnc#777565).
- perf, nmi: Fix unknown NMI warning (bsc#929142).
- perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).
- qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp()
(bsc#936095).
- r8169: remember WOL preferences on driver load (bsc#942305).
- s390/dasd: fix kernel panic when alias is set offline (bnc#940966,
LTC#128595).
- sg_start_req(): make sure that there's not too many elements in iovec
(bsc#940338).
- st: null pointer dereference panic caused by use after kref_put by
st_open (bsc#936875).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub
port reset (bnc#937641).
- usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb
(bnc#933721).
- usb: xhci: handle Config Error Change (CEC) in xhci driver
(bnc#933721).
- vmxnet3: Bump up driver version number (bsc#936423).
- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
- vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
- vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
- x86-64: Do not apply destructive erratum workaround on unaffected CPUs
(bsc#929076).
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- x86/tsc: Change Fast TSC calibration failed from error to info
(bnc#942605).
- xfs: fix problem when using md+XFS under high load (bnc#925705).
- xhci: Allocate correct amount of scratchpad buffers (bnc#933721).
- xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).
- xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256
(bnc#933721).
- xhci: Treat not finding the event_seg on COMP_STOP the same as
COMP_STOP_INVAL (bnc#933721).
- xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).
- xhci: do not report PLC when link is in internal resume state
(bnc#933721).
- xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).
- xhci: report U3 when link is in resume state (bnc#933721).
- xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).
- zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921,
LTC#126491).
- zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925,
LTC#126491).
- ID
- SUSE-SU-2015:2167-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2015/suse-su-20152167-1/
- Published
-
2015-12-02T10:32:42
(8 years ago) - Modified
-
2015-12-02T10:32:42
(8 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2015-565
-
DSA-3170-1
-
DSA-3313-1
-
DSA-3329-1
-
DSA-3364-1
-
ELSA-2015-1623
-
ELSA-2015-1778
-
ELSA-2015-3066
-
ELSA-2015-3067
-
ELSA-2015-3068
-
ELSA-2015-3071
-
ELSA-2015-3072
-
ELSA-2015-3073
-
ELSA-2016-0045
-
ELSA-2017-3516
-
ELSA-2017-3534
-
ELSA-2017-3535
-
ELSA-2017-3566
-
ELSA-2017-3567
-
FEDORA-2015-10677
-
FEDORA-2015-10678
-
FEDORA-2015-12437
-
FEDORA-2015-12908
-
FEDORA-2015-12917
-
FEDORA-2015-13391
-
FEDORA-2015-13396
-
FEDORA-2015-9704
-
FEDORA-2015-9712
-
RHSA-2015:1623
-
RHSA-2015:1778
-
RHSA-2015:1788
-
SUSE-SU-2015:1224-1
-
SUSE-SU-2015:1324-1
-
SUSE-SU-2015:1478-1
-
SUSE-SU-2015:1487-1
-
SUSE-SU-2015:1488-1
-
SUSE-SU-2015:1489-1
-
SUSE-SU-2015:1490-1
-
SUSE-SU-2015:1491-1
-
SUSE-SU-2015:1592-1
-
SUSE-SU-2015:1611-1
-
SUSE-SU-2015:1678-1
-
SUSE-SU-2015:1727-1
-
SUSE-SU-2015:2084-1
-
SUSE-SU-2015:2085-1
-
SUSE-SU-2015:2086-1
-
SUSE-SU-2015:2087-1
-
SUSE-SU-2015:2089-1
-
SUSE-SU-2015:2090-1
-
SUSE-SU-2015:2091-1
-
SUSE-SU-2015:2108-1
-
SUSE-SU-2016:0354-1
-
SUSE-SU-2016:0585-1
-
SUSE-SU-2016:0785-1
-
SUSE-SU-2016:2074-1
-
USN-2660-1
-
USN-2661-1
-
USN-2662-1
-
USN-2663-1
-
USN-2664-1
-
USN-2665-1
-
USN-2666-1
-
USN-2667-1
-
USN-2678-1
-
USN-2679-1
-
USN-2680-1
-
USN-2681-1
-
USN-2682-1
-
USN-2683-1
-
USN-2684-1
-
USN-2685-1
-
USN-2713-1
-
USN-2714-1
-
USN-2731-1
-
USN-2732-1
-
USN-2733-1
-
USN-2734-1
-
USN-2737-1
-
USN-2738-1
-
USN-2748-1
-
USN-2749-1
-
USN-2750-1
-
USN-2751-1
-
USN-2752-1
-
USN-2759-1
-
USN-2760-1
-
USN-2777-1
-
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |