The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described quot;Microarchitectural Data Samplingquot; attack. The Linux kernel was supplemented with the option to disable TSX operation altogether and better flushing of microarchitectural buffers . The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 Other security fixes: - CVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. - CVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. The following non-security bugs were fixed: - alsa: bebob: Fix prototype of helper function to return negative value . - alsa: hda/realtek - Add support for ALC623 . - alsa: hda/realtek - Add support for ALC711 . - alsa: hda/realtek - Fix 2 front mics of codec 0x623 . - alsa: hda: Add Elkhart Lake PCI ID . - alsa: hda: Add Tigerlake/Jasperlake PCI ID . - alsa: timer: Fix mutex deadlock at releasing card . - arcnet: provide a buffer big enough to actually receive packets . - asoc: rockchip: i2s: Fix RPM imbalance . - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting . - bpf: fix use after free in prog symbol exposure . - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group . - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents . - btrfs: tracepoints: Fix bad entry members of qgroup events . - btrfs: tracepoints: Fix wrong parameter order for qgroup events . - crypto: af_alg - Fix race around ctx-gt;rcvused by making it atomic_t . - crypto: af_alg - Initialize sg_num_bytes in error code path . - crypto: af_alg - consolidation of duplicate code . - crypto: af_alg - fix race accessing cipher request . - crypto: af_alg - remove locking in async callback . - crypto: af_alg - update correct dst SGL entry . - crypto: af_alg - wait for data at beginning of recvmsg . - crypto: algif - return error code when no data was processed . - crypto: algif_aead - copy AAD from src to dst . - crypto: algif_aead - fix reference counting of null skcipher . - crypto: algif_aead - overhaul memory management . - crypto: algif_aead - skip SGL entries with NULL page . - crypto: algif_skcipher - overhaul memory management . - cxgb4:Fix out-of-bounds MSI-X info array access . - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 . - drm/i915/cmdparser: Add support for backward jumps - drm/i915/cmdparser: Ignore Length operands during command matching - drm/i915/cmdparser: Use explicit goto for error paths - drm/i915/gen8+: Add RC6 CTX corruption WA - drm/i915/gtt: Add read only pages to gen8_pte_encode - drm/i915/gtt: Disable read-only support under GVT - drm/i915/gtt: Read-only pages for insert_entries on bdw - drm/i915: Add gen9 BCS cmdparsing - drm/i915: Add support for mandatory cmdparsing - drm/i915: Allow parsing of unsized batches - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs - drm/i915: Prevent writing into a read-only object via a GGTT mmap - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers - efi/memattr: Do not bail on zero VA if it equals the region"s PA . - efi: cper: print AER info of PCIe fatal error . - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified . - hid: fix error message in hid_open_report . - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy . - hso: fix NULL-deref on tty open . - hyperv: set nvme msi interrupts to unmanaged . - ib/core: Add mitigation for Spectre V1 - ieee802154: ca8210: prevent memory leak . - input: synaptics-rmi4 - avoid processing unknown IRQs . - integrity: prevent deadlock during digsig verification . - ipv6: Handle missing host route in __ipv6_ifa_notify . - ipv6: drop incoming packets having a v4mapped source address . - kABI workaround for crypto/af_alg changes . - kABI workaround for drm_vma_offset_node readonly field addition - ksm: cleanup stable_node chain collapse case . - ksm: fix use after free with merge_across_nodes = 0 . - ksm: introduce ksm_max_page_sharing per page deduplication limit . - ksm: optimize refile of stable_node_dup at the head of the chain . - ksm: swap the two output parameters of chain/chain_prune . - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active . - kvm: x86: mmu: Recovery of shattered NX large pages . - mac80211: Reject malformed SSID elements . - mac80211: fix txq null pointer dereference . - md/raid0: avoid RAID0 data corruption due to layout confusion . - md/raid0: fix warning message for parameter default_layout . - net/phy: fix DP83865 10 Mbps HDX loopback disable function . - net/rds: Fix error handling in rds_ib_add_one . - net/rds: fix warn in rds_message_alloc_sgs . - net/rds: remove user triggered WARN_ON in rds_sendmsg . - net/sched: act_sample: do not push mac header on ip6gre ingress . - net/smc: fix SMCD link group creation with VLAN id . - net: Replace NF_CT_ASSERT with WARN_ON . - net: Unpublish sk from sk_reuseport_cb before call_rcu . - net: openvswitch: free vport unless register_netdevice succeeds . - net: qlogic: Fix memory leak in ql_alloc_large_buffers . - net: qrtr: Stop rx_worker before freeing node . - net_sched: add policy validation for action attributes . - net_sched: fix backward compatibility for TCA_ACT_KIND . - netfilter: nf_nat: do not bug when mapping already exists . - nfsv4.1 - backchannel request should hold ref on xprt . - nl80211: fix null pointer dereference . - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC . - qmi_wwan: add support for Cinterion CLS8 devices . - r8152: Set macpassthru in reset_resume callback . - rds: Fix warning . - reiserfs: fix extended attributes on the root directory . - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description . - s390/cmf: set_schib_wait add timeout . - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash . - sch_dsmark: fix potential NULL deref in dsmark_init . - sch_netem: fix a divide by zero in tabledist . - sched/fair: Avoid divide by zero when rebalancing domains . - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery . - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough . - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event . - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump . - scsi: qla2xxx: Dual FCP-NVMe target port support . - scsi: qla2xxx: Fix N2N link reset . - scsi: qla2xxx: Fix N2N link up fail . - scsi: qla2xxx: Fix partial flash write of MBI . - scsi: qla2xxx: Fix stale mem access on driver unload . - scsi: qla2xxx: Fix unbound sleep in fcport delete path . - scsi: qla2xxx: Fix wait condition in loop . - scsi: qla2xxx: Improve logging for scan thread . - scsi: qla2xxx: Initialized mailbox to prevent driver load failure . - scsi: qla2xxx: Optimize NPIV tear down process . - scsi: qla2xxx: Set remove flag for all VP . - scsi: qla2xxx: Silence fwdump template message . - scsi: qla2xxx: Update driver version to 10.01.00.20-k . - scsi: qla2xxx: fix a potential NULL pointer dereference . - scsi: qla2xxx: fixup incorrect usage of host_byte . - scsi: qla2xxx: remove redundant assignment to pointer host . - scsi: qla2xxx: stop timer in shutdown path . - skge: fix checksum byte order . - staging: wlan-ng: fix exit return when sme-gt;key_idx gt;= NUM_WEPKEYS . - supporte.conf: add efivarfs to kernel-default-base . - tipc: fix unlimited bundling of small messages . - usb: ldusb: fix NULL-derefs on driver unbind . - usb: ldusb: fix memleak on disconnect . - usb: ldusb: fix read info leaks . - usb: legousbtower: fix a signedness bug in tower_probe . - usb: legousbtower: fix memleak on disconnect . - usb: serial: ti_usb_3410_5052: fix port-close races . - usb: udc: lpc32xx: fix bad bit shift operation . - usb: usblp: fix use-after-free on disconnect . - vfs: Make filldir[64] verify the directory entry filename is valid . - vsock: Fix a lockdep warning in __vsock_release . - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area . - x86/boot/64: Round memory hole size up to next PMD page . - x86/tsx: Add config options to set tsx=on|off|auto . Special Instructions and Notes: Please reboot the system after installing this update.