SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes. The following security bugs were fixed :

- CVE-2017-7482: Several missing length checks ticket
decode allowing for information leak or potentially code
execution (bsc#1046107).

- CVE-2016-10277: Potential privilege escalation due to a
missing bounds check in the lp driver. A kernel
command-line adversary can overflow the parport_nr array
to execute code (bsc#1039456).

- CVE-2017-7542: The ip6_find_1stfragopt function in
net/ipv6/output_core.c in the Linux kernel allowed local
users to cause a denial of service (integer overflow and
infinite loop) by leveraging the ability to open a raw
socket (bsc#1049882).

- CVE-2017-7533: Bug in inotify code allowing privilege
escalation (bsc#1049483).

- CVE-2017-11176: The mq_notify function in the Linux
kernel did not set the sock pointer to NULL upon entry
into the retry logic. During a user-space close of a
Netlink socket, it allowed attackers to cause a denial
of service (use-after-free) or possibly have unspecified
other impact (bsc#1048275).

- CVE-2017-11473: Buffer overflow in the
mp_override_legacy_irq() function in
arch/x86/kernel/acpi/boot.c in the Linux kernel allowed
local users to gain privileges via a crafted ACPI table

- CVE-2017-1000365: The Linux Kernel imposed a size
restriction on the arguments and environmental strings
passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the
size), but did not take the argument and environment
pointers into account, which allowed attackers to bypass
this limitation. (bnc#1039354)

- CVE-2014-9922: The eCryptfs subsystem in the Linux
kernel allowed local users to gain privileges via a
large filesystem stack that includes an overlayfs layer,
related to fs/ecryptfs/main.c and fs/overlayfs/super.c

- CVE-2017-8924: The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed
local users to obtain sensitive information (in the
dmesg ringbuffer and syslog) from uninitialized kernel
memory by using a crafted USB device (posing as an io_ti
USB serial device) to trigger an integer underflow

- CVE-2017-8925: The omninet_open function in
drivers/usb/serial/omninet.c in the Linux kernel allowed
local users to cause a denial of service (tty
exhaustion) by leveraging reference count mishandling

- CVE-2017-1000380: sound/core/timer.c was vulnerable to a
data race in the ALSA /dev/snd/timer driver resulting in
local users being able to read information belonging to
other users, i.e., uninitialized memory contents could
have bene disclosed when a read and an ioctl happen at
the same time (bnc#1044125)

- CVE-2017-9242: The __ip6_append_data function in
net/ipv6/ip6_output.c was too late in checking whether
an overwrite of an skb data structure may occur, which
allowed local users to cause a denial of service (system
crash) via crafted system calls (bnc#1041431)

- CVE-2017-1000363: A buffer overflow in kernel
commandline handling of the 'lp' parameter could be used
by local console attackers to bypass certain secure boot
settings. (bnc#1039456)

- CVE-2017-9076: The dccp_v6_request_recv_sock function in
net/dccp/ipv6.c in the Linux kernel mishandled
inheritance, which allowed local users to cause a denial
of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890

- CVE-2017-9077: The tcp_v6_syn_recv_sock function in
net/ipv6/tcp_ipv6.c in the Linux kernel mishandled
inheritance, which allowed local users to cause a denial
of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890

- CVE-2017-9075: The sctp_v6_create_accept_sk function in
net/sctp/ipv6.c in the Linux kernel mishandled
inheritance, which allowed local users to cause a denial
of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890

- CVE-2017-9074: The IPv6 fragmentation implementation in
the Linux kernel did not consider that the nexthdr field
may be associated with an invalid option, which allowed
local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact
via crafted socket and send system calls (bnc#1039882)

- CVE-2017-7487: The ipxitf_ioctl function in
net/ipx/af_ipx.c in the Linux kernel mishandled
reference counts, which allowed local users to cause a
denial of service (use-after-free) or possibly have
unspecified other impact via a failed SIOCGIFADDR ioctl
call for an IPX interface (bnc#1038879)

- CVE-2017-8890: The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel
allowed attackers to cause a denial of service (double
free) or possibly have unspecified other impact by
leveraging use of the accept system call (bnc#1038544)

- CVE-2017-2647: The KEYS subsystem in the Linux kernel
allowed local users to gain privileges or cause a denial
of service (NULL pointer dereference and system crash)
via vectors involving a NULL value for a certain match
field, related to the keyring_search_iterator function
in keyring.c (bnc#1030593)

- CVE-2017-6951: The keyring_search_aux function in
security/keys/keyring.c in the Linux kernel allowed
local users to cause a denial of service (NULL pointer
dereference and OOPS) via a request_key system call for
the 'dead' type (bnc#1029850) The following non-security
bugs were fixed :

- 8250: use callbacks to access UART_DLL/UART_DLM.

- ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).

- ALSA: hda - Fix regression of HD-audio controller
fallback modes (bsc#1045538).

- ALSA: hda - using uninitialized data (bsc#1045538).

- ALSA: hda/realtek - Correction of fixup codes for PB
V7900 laptop (bsc#1045538).

- ALSA: hda/realtek - Fix COEF widget NID for ALC260
replacer fixup (bsc#1045538).

- ALSA: off by one bug in snd_riptide_joystick_probe()

- ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat
mode (bsc#1045538).

- Add CVE tag to references

- CIFS: backport prepath matching fix (bsc#799133).

- Drop CONFIG_PPC_CELL from bigmem (bsc#1049128).

- EDAC, amd64_edac: Shift wrapping issue in

- Fix scripts/bigmem-generate-ifdef-guard to work on all

- Fix soft lockup in svc_rdma_send (bsc#1044854).

- IB/mlx4: Demote mcg message from warning to debug

- IB/mlx4: Fix ib device initialization error flow

- IB/mlx4: Fix port query for 56Gb Ethernet links

- IB/mlx4: Handle well-known-gid in mad_demux processing

- IB/mlx4: Reduce SRIOV multicast cleanup warning message
to debug level (bsc#919382).

- IB/mlx4: Set traffic class in AH (bsc#919382).

- Implement an ioctl to support the USMTMC-USB488
READ_STATUS_BYTE operation (bsc#1036288).

- Input: cm109 - validate number of endpoints before using
them (bsc#1037193).

- Input: hanwang - validate number of endpoints before
using them (bsc#1037232).

- Input: yealink - validate number of endpoints before
using them (bsc#1037227).

- KEYS: Disallow keyrings beginning with '.' to be joined
as session keyrings (bnc#1035576).

- NFS: Avoid getting confused by confused server

- NFS: Fix another OPEN_DOWNGRADE bug (git-next).

- NFS: Fix size of NFSACL SETACL operations (git-fixes).

- NFS: Make nfs_readdir revalidate less often

- NFS: tidy up nfs_show_mountd_netid (git-fixes).

- NFSD: Do not use state id of 0 - it is reserved
(bsc#1049688 bsc#1051770).

- NFSv4: Do not call put_rpccred() under the
rcu_read_lock() (git-fixes).

- NFSv4: Fix another bug in the close/open_downgrade code

- NFSv4: Fix problems with close in the presence of a
delegation (git-fixes).

- NFSv4: Fix the underestimation of delegation XDR space
reservation (git-fixes).

- NFSv4: fix getacl head length estimation (git-fixes).

- PCI: Fix devfn for VPD access through function 0
(bnc#943786 git-fixes).

- Remove superfluous make flags (bsc#1012422)

- Return short read or 0 at end of a raw device, not EIO

- Revert 'math64: New div64_u64_rem helper' (bnc#938352).

- SUNRPC: Fix a memory leak in the backchannel code

- Staging: vt6655-6: potential NULL dereference in
hostap_disable_hostapd() (bsc#1045479).

- USB: class: usbtmc.c: Cleaning up uninitialized
variables (bsc#1036288).

- USB: class: usbtmc: do not print error when allocating
urb fails (bsc#1036288).

- USB: class: usbtmc: do not print on ENOMEM

- USB: iowarrior: fix NULL-deref in write (bsc#1037359).

- USB: iowarrior: fix info ioctl on big-endian hosts

- USB: r8a66597-hcd: select a different endpoint on
timeout (bsc#1047053).

- USB: serial: ark3116: fix register-accessor error
handling (git-fixes).

- USB: serial: ch341: fix open error handling

- USB: serial: cp210x: fix tiocmget error handling

- USB: serial: ftdi_sio: fix line-status over-reporting

- USB: serial: io_edgeport: fix epic-descriptor handling

- USB: serial: io_ti: fix information leak in completion
handler (git-fixes).

- USB: serial: mos7840: fix another NULL-deref at open

- USB: serial: oti6858: fix NULL-deref at open

- USB: serial: sierra: fix bogus alternate-setting
assumption (bsc#1037441).

- USB: serial: spcp8x5: fix NULL-deref at open

- USB: usbip: fix nonconforming hub descriptor

- USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data

- USB: usbtmc: Change magic number to constant

- USB: usbtmc: Set rigol_quirk if device is listed

- USB: usbtmc: TMC request code segregated from
usbtmc_read (bsc#1036288).

- USB: usbtmc: add device quirk for Rigol DS6104

- USB: usbtmc: add missing endpoint sanity check

- USB: usbtmc: fix DMA on stack (bsc#1036288).

- USB: usbtmc: fix big-endian probe of Rigol devices

- USB: usbtmc: fix probe error path (bsc#1036288).

- USB: usbtmc: usbtmc_read sends multiple TMC header based
on rigol_quirk (bsc#1036288).

- USB: wusbcore: fix NULL-deref at probe (bsc#1045487).

- Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).

- Use make --output-sync feature when available

- Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).

- __bitmap_parselist: fix bug in empty string handling

- acpi: Disable APEI error injection if securelevel is set
(bsc#972891, bsc#1023051).

- af_key: Add lock to key dump (bsc#1047653).

- af_key: Fix slab-out-of-bounds in pfkey_compile_policy

- ath9k: fix buffer overrun for ar9287 (bsc#1045538).

- blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when
enabling PMU (bsc#1035721).

- blacklist.conf: Add a few inapplicable items

- blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32:
Set ftrace_stub to weak to prevent gcc from using short
jumps to it') The released kernels are not build with a
gas new enough to optimize the jmps so that this patch
would be required. (bsc#1051478)

- blkback/blktap: do not leak stack data via response ring
(bsc#1042863 XSA-216).

- block: do not allow updates through sysfs until
registration completes (bsc#1047027).

- block: fix ext_dev_lock lockdep report (bsc#1050154).

- btrfs: Do not clear SGID when inheriting ACLs

- cifs: Timeout on SMBNegotiate request (bsc#1044913).

- cifs: do not compare uniqueids in cifs_prime_dcache
unless server inode numbers are in use (bsc#1041975).
backporting upstream commit

- cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).

- cputime: Avoid multiplication overflow on utime scaling

- crypto: nx - off by one bug in nx_of_update_msc()

- decompress_bunzip2: off by one in get_next_block()

- dentry name snapshots (bsc#1049483).

- devres: fix a for loop bounds check (git-fixes).

- dm: fix ioctl retry termination with signal

- drm/mgag200: Add support for G200eH3 (bnc#1044216)

- drm/mgag200: Fix to always set HiPri for G200e4
(bsc#1015452, bsc#995542).

- ext2: Do not clear SGID when inheriting ACLs

- ext3: Do not clear SGID when inheriting ACLs

- ext4: Do not clear SGID when inheriting ACLs

- ext4: fix fdatasync(2) after extent manipulation
operations (bsc#1013018).

- ext4: keep existing extra fields when inode expands

- fbdev/efifb: Fix 16 color palette entry calculation

- firmware: fix directory creation rule matching with make
3.80 (bsc#1012422).

- firmware: fix directory creation rule matching with make
3.82 (bsc#1012422).

- fixed invalid assignment of 64bit mask to host
dma_boundary for scatter gather segment boundary limit

- fnic: Return 'DID_IMM_RETRY' if rport is not ready

- fnic: Using rport->dd_data to check rport online instead
of rport_lookup (bsc#1035920).

- fs/block_dev: always invalidate cleancache in
invalidate_bdev() (git-fixes).

- fs/xattr.c: zero out memory copied to userspace in
getxattr (bsc#1013018).

- fs: fix data invalidation in the cleancache during
direct IO (git-fixes).

- fuse: add missing FR_FORCE (bsc#1013018).

- genirq: Prevent proc race against freeing of irq
descriptors (bnc#1044230).

- hrtimer: Allow concurrent hrtimer_start() for self
restarting timers (bnc#1013018).

- initial cr0 bits (bnc#1036056, LTC#153612).

- ipmr, ip6mr: fix scheduling while atomic and a deadlock
with ipmr_get_route (git-fixes).

- irq: Fix race condition (bsc#1042615).

- isdn/gigaset: fix NULL-deref at probe (bsc#1037356).

- isofs: Do not return EACCES for unknown filesystems

- jsm: add support for additional Neo cards (bsc#1045615).

- kernel-binary.spec: Propagate MAKE_ARGS to %build

- libata: fix sff host state machine locking while polling

- libceph: NULL deref on crush_decode() error path

- libceph: potential NULL dereference in
ceph_msg_data_create() (bsc#1051515).

- libfc: fixup locking in fc_disc_stop() (bsc#1029140).

- libfc: move 'pending' and 'requested' setting

- libfc: only restart discovery after timeout if not
already running (bsc#1029140).

- locking/rtmutex: Prevent dequeue vs. unlock race

- math64: New div64_u64_rem helper (bnc#938352).

- md/raid0: apply base queue limits *before*
disk_stack_limits (git-fixes).

- md/raid1: extend spinlock to protect
raid1_end_read_request against inconsistencies

- md/raid1: fix test for 'was read error from last working
device' (git-fixes).

- md/raid5: Fix CPU hotplug callback registration

- md/raid5: do not record new size if resize_stripes fails

- md: ensure md devices are freed before module is
unloaded (git-fixes).

- md: fix a null dereference (bsc#1040351).

- md: flush ->event_work before stopping array

- md: make sure GET_ARRAY_INFO ioctl reports correct
'clean' status (git-fixes).

- md: use separate bio_pool for metadata writes

- megaraid_sas: add missing curly braces in ioctl handler

- mlx4: reduce OOM risk on arches with large pages

- mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual
VMA check (VM Functionality, bsc#1042832).

- mm/memory-failure.c: use compound_head() flags for huge
pages (bnc#971975 VM -- git fixes).

- mm: hugetlb: call huge_pte_alloc() only if ptep is null
(VM Functionality, bsc#1042832).

- mmc: core: add missing pm event in mmc_pm_notify to fix
hib restore (bsc#1045547).

- mmc: ushc: fix NULL-deref at probe (bsc#1037191).

- module: fix memory leak on early load_module() failures

- mwifiex: printk() overflow with 32-byte SSIDs

- net/mlx4: Fix the check in attaching steering rules

- net/mlx4: Fix uninitialized fields in rule when adding
promiscuous mode to device managed flow steering

- net/mlx4_core: Eliminate warning messages for SRQ_LIMIT
under SRIOV (bsc#919382).

- net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF
port to physical (bsc#919382).

- net/mlx4_core: Fix VF overwrite of module param which
disables DMFS on new probed PFs (bsc#919382).

- net/mlx4_core: Fix when to save some qp context flags
for dynamic VST to VGT transitions (bsc#919382).

- net/mlx4_core: Get num_tc using netdev_get_num_tc

- net/mlx4_core: Prevent VF from changing port
configuration (bsc#919382).

- net/mlx4_core: Use cq quota in SRIOV when creating
completion EQs (bsc#919382).

- net/mlx4_core: Use-after-free causes a resource leak in
flow-steering detach (bsc#919382).

- net/mlx4_en: Avoid adding steering rules with invalid
ring (bsc#919382).

- net/mlx4_en: Change the error print to debug print

- net/mlx4_en: Fix type mismatch for 32-bit systems

- net/mlx4_en: Resolve dividing by zero in 32-bit system

- net/mlx4_en: Wake TX queues only when there's enough
room (bsc#1039258).

- net/mlx4_en: fix overflow in mlx4_en_init_timestamp()

- net: avoid reference counter overflows on fib_rules in
multicast forwarding (git-fixes).

- net: ip6mr: fix static mfc/dev leaks on table
destruction (git-fixes).

- net: ipmr: fix static mfc/dev leaks on table destruction

- net: wimax/i2400m: fix NULL-deref at probe

- netxen_nic: set rcode to the return status from the call
to netxen_issue_cmd (bnc#784815).

- nfs: fix nfs_size_to_loff_t (git-fixes).

- nfsd4: minor NFSv2/v3 write decoding cleanup

- nfsd: check for oversized NFSv2/v3 arguments

- nfsd: stricter decoding of write-like NFSv2/v3 ops

- ocfs2: Do not clear SGID when inheriting ACLs

- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race
with ocfs2_unblock_lock (bsc#962257).

- perf/core: Correct event creation with PERF_FORMAT_GROUP

- perf/core: Fix event inheritance on fork()

- powerpc/ibmebus: Fix device reference leaks in sysfs
interface (bsc#1035777 [2017-04-24] Pending Base Kernel

- powerpc/ibmebus: Fix further device reference leaks
(bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).

- powerpc/mm/hash: Check for non-kernel address in
get_kernel_vsid() (bsc#1032471).

- powerpc/mm/hash: Convert mask to unsigned long

- powerpc/mm/hash: Increase VA range to 128TB

- powerpc/mm/hash: Properly mask the ESID bits when
building proto VSID (bsc#1032471).

- powerpc/mm/hash: Support 68 bit VA (bsc#1032471).

- powerpc/mm/hash: Use context ids 1-4 for the kernel

- powerpc/mm/slice: Convert slice_mask high slice to a
bitmap (bsc#1032471).

- powerpc/mm/slice: Fix off-by-1 error when computing
slice mask (bsc#1032471).

- powerpc/mm/slice: Move slice_mask struct definition to
slice.c (bsc#1032471).

- powerpc/mm/slice: Update slice mask printing to use
bitmap printing (bsc#1032471).

- powerpc/mm/slice: Update the function prototype

- powerpc/mm: Do not alias user region to other regions
below PAGE_OFFSET (bsc#928138).

- powerpc/mm: Remove checks that TASK_SIZE_USER64 is too
small (bsc#1032471).

- powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of
digital (bsc#1032471).

- powerpc/pci/rpadlpar: Fix device reference leaks
(bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).

- powerpc/pseries: Release DRC when configure_connector
fails (bsc#1035777, Pending Base Kernel Fixes).

- powerpc: Drop support for pre-POWER4 cpus (bsc#1032471).

- powerpc: Remove STAB code (bsc#1032471).

- random32: fix off-by-one in seeding requirement

- reiserfs: Do not clear SGID when inheriting ACLs

- reiserfs: do not preallocate blocks for extended
attributes (bsc#990682).

- rfkill: fix rfkill_fop_read wait_event usage

- s390/qdio: clear DSCI prior to scanning multiple input
queues (bnc#1046715, LTC#156234).

- s390/qeth: no ETH header for outbound AF_IUCV
(bnc#1046715, LTC#156276).

- s390/qeth: size calculation outbound buffers
(bnc#1046715, LTC#156276).

- sched/core: Remove false-positive warning from
wake_up_process() (bnc#1044882).

- sched/cputime: Do not scale when utime == 0

- sched/debug: Print the scheduler topology group mask

- sched/fair, cpumask: Export for_each_cpu_wrap()

- sched/fair: Fix min_vruntime tracking (bnc#1013018).

- sched/rt: Fix PI handling vs. sched_setscheduler()
(bnc#1013018). Prep for b60205c7c558 sched/fair: Fix
min_vruntime tracking

- sched/topology: Fix building of overlapping sched-groups

- sched/topology: Fix overlapping sched_group_capacity

- sched/topology: Fix overlapping sched_group_mask

- sched/topology: Move comment about asymmetric node
setups (bnc#1013018).

- sched/topology: Optimize build_group_mask()

- sched/topology: Refactor function
build_overlap_sched_groups() (bnc#1013018).

- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).

- sched/topology: Simplify build_overlap_sched_groups()

- sched/topology: Verify the first group matches the child
domain (bnc#1013018).

- sched: Always initialize cpu-power (bnc#1013018).

- sched: Avoid cputime scaling overflow (bnc#938352).

- sched: Avoid prev->stime underflow (bnc#938352).

- sched: Do not account bogus utime (bnc#938352).

- sched: Fix SD_OVERLAP (bnc#1013018).

- sched: Fix domain iteration (bnc#1013018).

- sched: Lower chances of cputime scaling overflow

- sched: Move nr_cpus_allowed out of 'struct
sched_rt_entity' (bnc#1013018). Prep for b60205c7c558
sched/fair: Fix min_vruntime tracking

- sched: Rename a misleading variable in
build_overlap_sched_groups() (bnc#1013018).

- sched: Use swap() macro in scale_stime() (bnc#938352).

- scsi: bnx2i: missing error code in bnx2i_ep_connect()

- scsi: fix race between simultaneous decrements of
->host_failed (bsc#1050154).

- scsi: fnic: Correcting rport check location in
fnic_queuecommand_lck (bsc#1035920).

- scsi: mvsas: fix command_active typo (bsc#1050154).

- scsi: qla2xxx: Fix scsi scan hang triggered if adapter
fails during init (bsc#1050154).

- sfc: do not device_attach if a reset is pending

- smsc75xx: use skb_cow_head() to deal with cloned skbs

- splice: Stub splice_write_to_file (bsc#1043234).

- svcrdma: Fix send_reply() scatter/gather set-up

- target/iscsi: Fix double free in
lio_target_tiqn_addtpg() (bsc#1050154).

- tracing/kprobes: Enforce kprobes teardown after testing

- tracing: Fix syscall_*regfunc() vs copy_process() race

- udf: Fix deadlock between writeback and udf_setsize()

- udf: Fix races with i_size changes during readpage

- usbtmc: remove redundant braces (bsc#1036288).

- usbtmc: remove trailing spaces (bsc#1036288).

- usbvision: fix NULL-deref at probe (bsc#1050431).

- uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).

- uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).

- vb2: Fix an off by one error in 'vb2_plane_vaddr'

- vmxnet3: avoid calling pskb_may_pull with interrupts
disabled (bsc#1045356).

- vmxnet3: fix checks for dma mapping errors

- vmxnet3: fix lock imbalance in vmxnet3_tq_xmit()

- x86, mm, paravirt: Fix vmalloc_fault oops during lazy
MMU updates (bsc#948562).

- x86/pci-calgary: Fix iommu_free() comparison of unsigned
expression greater than 0 (bsc#1051478).

- xen: avoid deadlock in xenbus (bnc#1047523).

- xfrm: NULL dereference on allocation failure

- xfrm: Oops on error in pfkey_msg2xfrm_state()

- xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).

- xfs: Synchronize xfs_buf disposal routines

- xfs: use ->b_state to fix buffer I/O accounting release
race (bsc#1041160).

- xprtrdma: Free the pd if ib_query_qp() fails

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-kernel-13274=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch

SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch

SUSE Linux Enterprise Real Time Extension 11-SP4:zypper in -t patch

SUSE Linux Enterprise High Availability Extension 11-SP4:zypper in -t
patch slehasp4-kernel-13274=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false