SUSE SLED12 / SLES12 Security Update : SUSE Linux Enterprise 12 kernel (SUSE-SU-2015:1324-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive
various security and bug fixes.

These features were added :

- mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array
support (bsc#854824).

- mpt3sas: Bump mpt3sas driver version to

The following security bugs were fixed :

- CVE-2015-1805: iov overrun for failed atomic copy could
have led to DoS or privilege escalation (bsc#933429).

- CVE-2015-3212: A race condition in the way the Linux
kernel handled lists of associations in SCTP sockets
could have led to list corruption and kernel panics

- CVE-2015-4036: DoS via memory corruption in vhost/scsi
driver (bsc#931988).

- CVE-2015-4167: Linux kernel built with the UDF file
system (CONFIG_UDF_FS) support was vulnerable to a crash.
It occurred while fetching inode information from a
corrupted/malicious udf file system image (bsc#933907).

- CVE-2015-4692: DoS via NULL pointer dereference in
kvm_apic_has_events function (bsc#935542).

- CVE-2015-5364: Remote DoS via flood of UDP packets with
invalid checksums (bsc#936831).

- CVE-2015-5366: Remote DoS of EPOLLET epoll applications
via flood of UDP packets with invalid checksums

Security issues already fixed in the previous update but not
referenced by CVE :

- CVE-2014-9728: Kernels built with the UDF file
system (CONFIG_UDF_FS) support were vulnerable to a crash

- CVE-2014-9729: Kernels built with the UDF file
system (CONFIG_UDF_FS) support were vulnerable to a crash

- CVE-2014-9730: Kernels built with the UDF file
system (CONFIG_UDF_FS) support were vulnerable to a crash

- CVE-2014-9731: Kernels built with the UDF file
system (CONFIG_UDF_FS) support were vulnerable to
information leakage (bsc#933896).

The following non-security bugs were fixed :

- ALSA: hda - add codec ID for Skylake display audio codec

- ALSA: hda/hdmi - apply Haswell fix-ups to Skylake
display codec (bsc#936556).

- ALSA: hda_controller: Separate stream_tag for input and
output streams (bsc#936556).

- ALSA: hda_intel: add AZX_DCAPS_I915_POWERWELL for SKL
and BSW (bsc#936556).

- ALSA: hda_intel: apply the Separate stream_tag for
Skylake (bsc#936556).

- ALSA: hda_intel: apply the Separate stream_tag for
Sunrise Point (bsc#936556).

- Btrfs: Handle unaligned length in extent_same

- Btrfs: add missing inode item update in fallocate()

- Btrfs: check pending chunks when shrinking fs to avoid
corruption (bsc#936445).

- Btrfs: do not update mtime/ctime on deduped inodes

- Btrfs: fix block group ->space_info NULL pointer
dereference (bsc#935088).

- Btrfs: fix clone / extent-same deadlocks (bsc#937612).

- Btrfs: fix deadlock with extent-same and readpage

- Btrfs: fix fsync data loss after append write

- Btrfs: fix hang during inode eviction due to concurrent
readahead (bsc#935085).

- Btrfs: fix memory leak in the extent_same ioctl

- Btrfs: fix race when reusing stale extent buffers that
leads to BUG_ON (bsc#926369).

- Btrfs: fix use after free when close_ctree frees the
orphan_rsv (bsc#938022).

- Btrfs: pass unaligned length to btrfs_cmp_data()

- Btrfs: provide super_operations->inode_get_dev

- Drivers: hv: balloon: check if ha_region_mutex was
acquired in MEM_CANCEL_ONLINE case.

- Drivers: hv: fcopy: process deferred messages when we
complete the transaction.

- Drivers: hv: fcopy: rename fcopy_work ->

- Drivers: hv: fcopy: set .owner reference for file

- Drivers: hv: fcopy: switch to using the
hvutil_device_state state machine.

- Drivers: hv: hv_balloon: correctly handle
num_pages>INT_MAX case.

- Drivers: hv: hv_balloon: correctly handle val.freeram
lower than num_pages case.

- Drivers: hv: hv_balloon: do not lose memory when
onlining order is not natural.

- Drivers: hv: hv_balloon: do not online pages in offline

- Drivers: hv: hv_balloon: eliminate jumps in piecewise
linear floor function.

- Drivers: hv: hv_balloon: eliminate the trylock path in

- Drivers: hv: hv_balloon: keep locks balanced on
add_memory() failure.

- Drivers: hv: hv_balloon: refuse to balloon below the

- Drivers: hv: hv_balloon: report offline pages as being

- Drivers: hv: hv_balloon: survive ballooning request with

- Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.

- Drivers: hv: kvp: rename kvp_work -> kvp_timeout_work.

- Drivers: hv: kvp: reset kvp_context.

- Drivers: hv: kvp: switch to using the
hvutil_device_state state machine.

- Drivers: hv: util: Fix a bug in the KVP code. reapply
upstream change on top of v3.12-stable change

- Drivers: hv: util: On device remove, close the channel
after de-initializing the service.

- Drivers: hv: util: introduce hv_utils_transport

- Drivers: hv: util: introduce state machine for util

- Drivers: hv: util: move kvp/vss function declarations to

- Drivers: hv: vmbus: Add device and vendor ID to vmbus

- Drivers: hv: vmbus: Add support for VMBus panic notifier
handler (bsc#934160).

- Drivers: hv: vmbus: Add support for the NetworkDirect

- Drivers: hv: vmbus: Correcting truncation error for
constant HV_CRASH_CTL_CRASH_NOTIFY (bsc#934160).

- Drivers: hv: vmbus: Export the

- Drivers: hv: vmbus: Fix a bug in rescind processing in

- Drivers: hv: vmbus: Fix a signalling host signalling

- Drivers: hv: vmbus: Get rid of some unnecessary

- Drivers: hv: vmbus: Get rid of some unused definitions.

- Drivers: hv: vmbus: Handle both rescind and offer
messages in the same context.

- Drivers: hv: vmbus: Implement the protocol for tearing
down vmbus state.

- Drivers: hv: vmbus: Introduce a function to remove a
rescinded offer.

- Drivers: hv: vmbus: Perform device register in the
per-channel work element.

- Drivers: hv: vmbus: Permit sending of packets without

- Drivers: hv: vmbus: Properly handle child device remove.

- Drivers: hv: vmbus: Remove the channel from the channel
list(s) on failure.

- Drivers: hv: vmbus: Support an API to send packet with
additional control.

- Drivers: hv: vmbus: Support an API to send pagebuffers
with additional control.

- Drivers: hv: vmbus: Teardown clockevent devices on
module unload.

- Drivers: hv: vmbus: Teardown synthetic interrupt
controllers on module unload.

- Drivers: hv: vmbus: Use a round-robin algorithm for
picking the outgoing channel.

- Drivers: hv: vmbus: Use the vp_index map even for
channels bound to CPU 0.

- Drivers: hv: vmbus: avoid double kfree for device_obj.

- Drivers: hv: vmbus: briefly comment num_sc and next_oc.

- Drivers: hv: vmbus: decrease num_sc on subchannel

- Drivers: hv: vmbus: distribute subchannels among all

- Drivers: hv: vmbus: do cleanup on all vmbus_open()
failure paths.

- Drivers: hv: vmbus: introduce vmbus_acpi_remove.

- Drivers: hv: vmbus: kill tasklets on module unload.

- Drivers: hv: vmbus: move init_vp_index() call to

- Drivers: hv: vmbus: prevent cpu offlining on newer

- Drivers: hv: vmbus: rename channel work queues.

- Drivers: hv: vmbus: teardown hv_vmbus_con workqueue and
vmbus_connection pages on shutdown.

- Drivers: hv: vmbus: unify calls to percpu_channel_enq().

- Drivers: hv: vmbus: unregister panic notifier on module

- Drivers: hv: vmbus:Update preferred vmbus protocol
version to windows 10.

- Drivers: hv: vss: process deferred messages when we
complete the transaction.

- Drivers: hv: vss: switch to using the
hvutil_device_state state machine.

- Enable CONFIG_BRIDGE_NF_EBTABLES on s390x (bsc#936012)

- Fix connection reuse when sk_error_report is used

- GHES: Carve out error queueing in a separate function

- GHES: Carve out the panic functionality (bsc#917630).

- GHES: Eliminate double-loop in the NMI handler

- GHES: Make NMI handler have a single reader

- GHES: Panic right after detection (bsc#917630).

- IB/mlx4: Fix wrong usage of IPv4 protocol for multicast
attach/detach (bsc#918618).

- Initialize hv_netvsc_packet->xmit_more to avoid transfer

- KVM: PPC: BOOK3S: HV: CMA: Reserve cma region only in
hypervisor mode (bsc#908491).

- KVM: s390: virtio-ccw: Handle command rejects

- MODSIGN: loading keys from db when SecureBoot disabled

- PCI: pciehp: Add hotplug_lock to serialize hotplug
events (bsc#866911).

- Revert 'MODSIGN: loading keys from db when SecureBoot
disabled'. This reverts commit b45412d4, because it
breaks legacy boot.

- SUNRPC: Report connection error values to rpc_tasks on
the pending queue (bsc#930972).

- Update s390x kabi files with netfilter change

- client MUST ignore EncryptionKeyLength if
CAP_EXTENDED_SECURITY is set (bsc#932348).

- cpufreq: pcc: Enable autoload of pcc-cpufreq for ACPI
processors (bsc#933117).

- dmapi: fix value from newer Linux strnlen_user()

- drm/i915/hsw: Fix workaround for server AUX channel
clock divisor (bsc#935918).

- drm/i915: Evict CS TLBs between batches (bsc#935918).

- drm/i915: Fix DDC probe for passive adapters

- drm/i915: Handle failure to kick out a conflicting fb
driver (bsc#935918).

- drm/i915: drop WaSetupGtModeTdRowDispatch:snb

- drm/i915: save/restore GMBUS freq across suspend/resume
on gen4 (bsc#935918).

- edd: support original Phoenix EDD 3.0 information

- ext4: fix over-defensive complaint after journal abort

- fs/cifs: Fix corrupt SMB2 ioctl requests (bsc#931124).

- ftrace: add oco handling patch (bsc#924526).

- ftrace: allow architectures to specify ftrace compile
options (bsc#924526).

- ftrace: let notrace function attribute disable
hotpatching if necessary (bsc#924526).

- hugetlb, kabi: do not account hugetlb pages as
NR_FILE_PAGES (bsc#930092).

- hugetlb: do not account hugetlb pages as NR_FILE_PAGES

- hv: channel: match var type to return type of

- hv: do not schedule new works in

- hv: hv_balloon: match var type to return type of

- hv: hv_util: move vmbus_open() to a later place.

- hv: hypervvssd: call endmntent before call setmntent

- hv: no rmmod for hv_vmbus and hv_utils.

- hv: remove the per-channel workqueue.

- hv: run non-blocking message handlers in the dispatch

- hv: vmbus: missing curly braces in

- hv: vmbus_free_channels(): remove the redundant

- hv: vmbus_open(): reset the channel state on ENOMEM.

- hv: vmbus_post_msg: retry the hypercall on some
transient errors.

- hv_netvsc: Allocate the receive buffer from the correct
NUMA node.

- hv_netvsc: Allocate the sendbuf in a NUMA aware way.

- hv_netvsc: Clean up two unused variables.

- hv_netvsc: Cleanup the test for freeing skb when we use
sendbuf mechanism.

- hv_netvsc: Define a macro RNDIS_AND_PPI_SIZE.

- hv_netvsc: Eliminate memory allocation in the packet
send path.

- hv_netvsc: Fix a bug in netvsc_start_xmit().

- hv_netvsc: Fix the packet free when it is in skb

- hv_netvsc: Implement batching in send buffer.

- hv_netvsc: Implement partial copy into send buffer.

- hv_netvsc: Use the xmit_more skb flag to optimize
signaling the host.

- hv_netvsc: change member name of struct netvsc_stats.

- hv_netvsc: introduce netif-msg into netvsc module.

- hv_netvsc: remove unused variable in netvsc_send().

- hv_netvsc: remove vmbus_are_subchannels_present() in

- hv_netvsc: try linearizing big SKBs before dropping

- hv_netvsc: use per_cpu stats to calculate TX/RX data.

- hv_netvsc: use single existing drop path in

- hv_vmbus: Add gradually increased delay for retries in

- hyperv: Implement netvsc_get_channels() ethtool op.

- hyperv: hyperv_fb: match wait_for_completion_timeout
return type.

- iommu/amd: Handle integer overflow in dma_ops_area_alloc

- iommu/amd: Handle large pages correctly in
free_pagetable (bsc#935881).

- ipr: Increase default adapter init stage change timeout

- ipv6: do not delete previously existing ECMP routes if
add fails (bsc#930399).

- ipv6: fix ECMP route replacement (bsc#930399).

- jbd2: improve error messages for inconsistent journal
heads (bsc#935174).

- jbd2: revise KERN_EMERG error messages (bsc#935174).

- kabi/severities: Add s390 symbols allowed to change in

- kabi: only use sops->get_inode_dev with proper fsflag.

- kernel: add panic_on_warn.

- kexec: allocate the kexec control page with

- kgr: fix redirection on s390x arch (bsc#903279).

- kgr: move kgr_task_in_progress() to sched.h.

- kgr: send a fake signal to all blocking tasks.

- kvm: irqchip: Break up high order allocations of
kvm_irq_routing_table (bsc#926953).

- libata: Blacklist queued TRIM on all Samsung 800-series

- mei: bus: () can be static.

- mm, thp: really limit transparent hugepage allocation to
local node (VM Performance, bsc#931620).

- mm, thp: respect MPOL_PREFERRED policy with non-local
node (VM Performance, bsc#931620).

- mm/mempolicy.c: merge alloc_hugepage_vma to
alloc_pages_vma (VM Performance, bsc#931620).

- mm/thp: allocate transparent hugepages on local node (VM
Performance, bsc#931620).

- net/mlx4_en: Call register_netdevice in the proper
location (bsc#858727).

- net/mlx4_en: Do not attempt to TX offload the outer UDP
checksum for VXLAN (bsc#858727).

- net: fib6: fib6_commit_metrics: fix potential NULL
pointer dereference (bsc#867362).

- net: introduce netdev_alloc_pcpu_stats() for drivers.

- net: ipv6: fib: do not sleep inside atomic lock

- netdev: set __percpu attribute on

- netdev_alloc_pcpu_stats: use less common iterator

- netfilter: xt_NFQUEUE: fix --queue-bypass regression

- ovl: default permissions (bsc#924071).

- ovl: move s_stack_depth.

- powerpc/perf/hv-24x7: use kmem_cache instead of aligned
stack allocations (bsc#931403).

- powerpc/pseries: Correct cpu affinity for dlpar added
cpus (bsc#932967).

- powerpc: Add VM_FAULT_HWPOISON handling to powerpc page
fault handler (bsc#929475).

- powerpc: Fill in si_addr_lsb siginfo field (bsc#929475).

- powerpc: Simplify do_sigbus (bsc#929475).

- reiserfs: Fix use after free in journal teardown

- rtlwifi: rtl8192cu: Fix kernel deadlock (bsc#927786).

- s390/airq: add support for irq ranges (bsc#931860).

- s390/airq: silence lockdep warning (bsc#931860).

- s390/compat,signal: change return values to -EFAULT

- s390/ftrace: hotpatch support for function tracing

- s390/irq: improve displayed interrupt order in
/proc/interrupts (bsc#931860).

- s390/kernel: use stnsm 255 instead of stosm 0

- s390/kgr: reorganize kgr infrastructure in entry64.S.

- s390/mm: align 64-bit PIE binaries to 4GB (bsc#929879).

- s390/mm: limit STACK_RND_MASK for compat tasks

- s390/rwlock: add missing local_irq_restore calls

- s390/sclp_vt220: Fix kernel panic due to early terminal
input (bsc#931860).

- s390/smp: only send external call ipi if needed

- s390/spinlock,rwlock: always do a load-and-test first

- s390/spinlock: cleanup spinlock code (bsc#929879).

- s390/spinlock: optimize spin_unlock code (bsc#929879).

- s390/spinlock: optimize spinlock code sequence

- s390/spinlock: refactor arch_spin_lock_wait[_flags]

- s390/time: use stck clock fast for do_account_vtime

- s390: Remove zfcpdump NR_CPUS dependency (bsc#929879).

- s390: add z13 code generation support (bsc#929879).

- s390: avoid z13 cache aliasing (bsc#929879).

- s390: fix control register update (bsc#929879).

- s390: optimize control register update (bsc#929879).

- s390: z13 base performance (bsc#929879).

- sched: fix __sched_setscheduler() vs load balancing race

- scsi: retry MODE SENSE on unit attention (bsc#895814).

- scsi_dh_alua: Recheck state on unit attention

- scsi_dh_alua: fixup crash in alua_rtpg_work()

- scsi_dh_alua: parse device id instead of target id

- scsi_dh_alua: recheck RTPG in regular intervals

- scsi_dh_alua: update all port states (bsc#895814).

- sd: always retry READ CAPACITY for ALUA state transition

- st: NULL pointer dereference panic caused by use after
kref_put by st_open (bsc#936875).

- supported.conf: add btrfs to kernel-$flavor-base

- udf: Remove repeated loads blocksize (bsc#933907).

- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state
after a hub port reset (bsc#938024).

- vTPM: set virtual device before passing to
ibmvtpm_reset_crq (bsc#937087).

- vfs: add super_operations->get_inode_dev (bsc#927455).

- virtio-ccw: virtio-ccw adapter interrupt support

- virtio-rng: do not crash if virtqueue is broken

- virtio: fail adding buffer on broken queues

- virtio: virtio_break_device() to mark all virtqueues
broken (bsc#931860).

- virtio_blk: verify if queue is broken after
virtqueue_get_buf() (bsc#931860).

- virtio_ccw: fix hang in set offline processing

- virtio_ccw: fix vcdev pointer handling issues

- virtio_ccw: introduce device_lost in virtio_ccw_device

- virtio_net: do not crash if virtqueue is broken

- virtio_net: verify if queue is broken after
virtqueue_get_buf() (bsc#931860).

- virtio_ring: adapt to notify() returning bool

- virtio_ring: add new function virtqueue_is_broken()

- virtio_ring: change host notification API (bsc#931860).

- virtio_ring: let virtqueue_{kick()/notify()} return a
bool (bsc#931860).

- virtio_ring: plug kmemleak false positive (bsc#931860).

- virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO)
holding spinlock (bsc#931860).

- virtio_scsi: verify if queue is broken after
virtqueue_get_buf() (bsc#931860).

- vmxnet3: Bump up driver version number (bsc#936423).

- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd)

- vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).

- vmxnet3: Register shutdown handler for device (fwd)

- x86/PCI: Use host bridge _CRS info on Foxconn
K8M890-8237A (bsc#907092).

- x86/PCI: Use host bridge _CRS info on systems with >32
bit addressing (bsc#907092).

- x86/kgr: move kgr infrastructure from asm to C.

- x86/mm: Improve AMD Bulldozer ASLR workaround

- xfrm: release dst_orig in case of error in xfrm_lookup()

- xfs: Skip dirty pages in ->releasepage (bsc#915183).

- xfs: fix xfs_setattr for DMAPI (bsc#932900).

- xfs_dmapi: fix transaction ilocks (bsc#932899).

- xfs_dmapi: fix value from newer Linux strnlen_user()

- xfs_dmapi: xfs_dm_rdwr() uses dir file ops not file's
ops (bsc#932898).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2015-356=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-356=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-356=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-356=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2015-356=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-356=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.1
Public Exploit Available : true
