The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. - CVE-2018-5391: A flaw in the IP packet reassembly could be used by remote attackers to consume CPU time . - CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet which can lead to a denial of service . - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service . - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn"t properly validate the sigevent- gt;sigev_notify field, which leads to out-of-bounds access in the show_timer function . This allowed userspace applications to read arbitrary kernel memory . The following non-security bugs were fixed: - 1wire: family module autoload fails because of upper/lower case mismatch . - Add support for 5,25,50, and 100G to 802.3ad bonding driver - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS . - alsa: hda - Fix pincfg at resume on Lenovo T470 dock . - alsa: hda - Handle kzalloc failure in snd_hda_attach_pcm_stream . - alsa: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags . - arm64: do not open code page table entry creation . - arm64: kpti: Use early_param for kpti= command-line option . - arm64: Make sure permission updates happen for pmd/pud . - arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size . - arm: dts: imx6q: Use correct SDMA script for SPI5 core . - ASoC: cirrus: i2s: Fix LRCLK configuration . - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup . - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it . - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode . - atm: zatm: fix memcmp casting . - atm: zatm: Fix potential Spectre v1 . - backlight: as3711_bl: Fix Device Tree node lookup . - backlight: max8925_bl: Fix Device Tree node lookup . - backlight: tps65217_bl: Fix Device Tree node lookup . - bcache: add backing_request_endio for bi_end_io . - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags . - bcache: add io_disable to struct cached_dev . - bcache: add journal statistic . - bcache: Add __printf annotation to __bch_check_keys . - bcache: add stop_when_cache_set_failed option to backing device . - bcache: add wait_for_kthread_stop in bch_allocator_thread . - bcache: Annotate switch fall-through . - bcache: closures: move control bits one bit right . - bcache: correct flash only vols . - bcache: count backing device I/O error for writeback I/O . - bcache: Fix a compiler warning in bcache_device_init . - bcache: fix cached_dev- gt;count usage for bch_cache_set_error . - bcache: fix crashes in duplicate cache device register . - bcache: fix error return value in memory shrink . - bcache: fix high CPU occupancy during journal . - bcache: Fix, improve efficiency of closure_sync . - bcache: fix inaccurate io state for detached bcache devices . - bcache: fix incorrect sysfs output value of strip size . - bcache: Fix indentation . - bcache: Fix kernel-doc warnings . - bcache: fix misleading error message in bch_count_io_errors . - bcache: fix using of loop variable in memory shrink . - bcache: fix writeback target calc on large devices . - bcache: fix wrong return value in bch_debug_init . - bcache: mark closure_sync __sched . - bcache: move closure debug file into debug directory . - bcache: reduce cache_set devices iteration by devices_max_used . - bcache: Reduce the number of sparse complaints about lock imbalances . - bcache: Remove an unused variable . - bcache: ret IOERR when read meets metadata error . - bcache: return 0 from bch_debug_init if CONFIG_DEBUG_FS=n . - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error . - bcache: set dc- gt;io_disable to true in conditional_stop_bcache_device . - bcache: set error_limit correctly . - bcache: set writeback_rate_update_seconds in range [1, 60] seconds . - bcache: stop bcache device when backing device is offline . - bcache: stop dc- gt;writeback_rate_update properly . - bcache: stop writeback thread after detaching . - bcache: store disk name in struct cache and struct cached_dev . - bcache: Suppress more warnings about set-but-not-used variables . - bcache: use pr_info to inform duplicated CACHE_SET_IO_DISABLE set . - bcache: Use PTR_ERR_OR_ZERO . - bcm63xx_enet: correct clock usage . - bcm63xx_enet: do not write to random DMA channel on BCM6345 . - blkcg: simplify statistic accumulation code . - block: copy ioprio in __bio_clone_fast . - block: Fix transfer when chunk sectors exceeds max . - block/swim: Fix array bounds check . - bluetooth: Fix connection if directed advertising and privacy is used . - bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader . - bonding: re-evaluate force_primary when the primary slave name changes . - bpf: fix loading of BPF_MAXINSNS sized programs . - bpf, x64: fix memleak when not converging after image . - btrfs: fix clone vs chattr NODATASUM race . - btrfs: fix unexpected cow in run_delalloc_nocow . - btrfs: make raid6 rebuild retry more . - btrfs: scrub: Do not use inode pages for device replace . - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag . - cachefiles: Fix refcounting bug in backing-file read monitoring . - cachefiles: Wait rather than BUG"ing on Unexpected object collision . - cdc_ncm: avoid padding beyond end of skb . - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup . - cifs: Fix infinite loop when using hard mount option . - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled . - compiler, clang: properly override "inline" for clang . - compiler, clang: suppress warning for unused static inline functions . - compiler-gcc.h: Add __attribute__ to all inline declarations . - CONFIG_HOTPLUG_SMT=y - cpufreq: Fix new policy initialization during limits updates via sysfs . - cpu/hotplug: Add sysfs state interface . - cpu/hotplug: Provide knobs to control SMT . - cpu/hotplug: Split do_cpu_down . - cpuidle: powernv: Fix promotion from snooze if next state disabled . - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak . - crypto: crypto4xx - remove bad list_del . - dm: convert DM printk macros to pr_ lt;level gt; macros . - dm: fix printk rate limiting code . - dm thin: handle running out of data space vs concurrent discard . - dm thin metadata: remove needless work from __commit_transaction . - drbd: fix access after free . - driver core: Do not ignore class_dir_create_and_add failure . - drm/msm: Fix possible null dereference on failure of get_pages . - drm: re-enable error handling . - esp6: fix memleak on error path in esp6_input . - ext4: add more inode number paranoia checks . - ext4: add more mount time checks of the superblock . - ext4: always check block group bounds in ext4_init_block_bitmap . - ext4: check superblock mapped prior to committing . - ext4: clear i_data in ext4_inode_info when removing inline data . - ext4: fix fencepost error in check for inode count overflow during resize . - ext4: include the illegal physical block in the bad map ext4_error msg . - ext4: make sure bitmaps and the inode table do not overlap with bg descriptors . - ext4: only look at the bg_flags field if it is valid . - ext4: update mtime in ext4_punch_hole even if no blocks are released . - ext4: verify the depth of extent tree in ext4_find_extent . - fscache: Allow cancelled operations to be enqueued . - fscache: Fix reference overput in fscache_attach_object error handling . - fuse: atomic_o_trunc should truncate pagecache . - fuse: do not keep dead fuse_conn at fuse_fill_super . - fuse: fix control dir setup and teardown . - genirq: Make force irq threading setup more robust . - hid: debug: check length before copy_to_user . - hid: hiddev: fix potential Spectre v1 . - hid: i2c-hid: Fix incomplete report noise . - hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter . - i2c: rcar: fix resume by always initializing registers before transfer . - ib/isert: fix T10-pi check mask setting . - ibmasm: do not write out of bounds in read handler . - ibmvnic: Fix error recovery on login failure . - ibmvnic: Remove code to request error information . - ibmvnic: Revise RX/TX queue error messages . - ibmvnic: Update firmware error reporting with cause string . - ib/qib: Fix DMA api warning with debug kernel . - iio:buffer: make length types match kfifo types . - input: elan_i2c - add ELAN0618 ACPI ID . - input: elan_i2c_smbus - fix more potential stack buffer overflows . - input: elantech - enable middle button of touchpads on ThinkPad P52 . - input: elantech - fix V4 report decoding for module with middle key . - iommu/vt-d: Fix race condition in add_unmap . - ipmi:bt: Set the timeout before doing a capabilities check . - ipv4: Fix error return value in fib_convert_metrics . - ipvs: fix buffer overflow with sync daemon and service . - iw_cxgb4: correctly enforce the max reg_mr depth . - jbd2: do not mark block as modified if the handle is out of credits . - kabi protect net/core/utils.c includes . - kABI: protect struct loop_device . - kABI: reintroduce __static_cpu_has_safe . - kabi/severities: add "drivers/md/bcache/* PASS" since no one uses symboles expoted by bcache. - kbuild: fix # escaping in .cmd files for future Make . - keys: DNS: fix parsing multiple options . - kmod: fix wait on recursive loop . - kmod: reduce atomic operations on kmod_concurrent and simplify . - kmod: throttle kmod thread limit . - kprobes/x86: Do not modify singlestep buffer while resuming . - kvm: arm/arm64: Drop resource size check for GICV window . - kvm: arm/arm64: Set dist- gt;spis to NULL after kfree . - libata: do not try to pass through NCQ commands to non-NCQ devices . - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk . - libata: zpodd: make arrays cdb static, reduces object code size . - libata: zpodd: small read overflow in eject_tray . - lib/vsprintf: Remove atomic-unsafe support for %pCr . - linvdimm, pmem: Preserve read-only setting for pmem devices . - loop: add recursion validation to LOOP_CHANGE_FD . - loop: remember whether sysfs_create_group was done . - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap . - media: cx231xx: Add support for AverMedia DVD EZMaker 7 . - media: cx25840: Use subdev host data for PLL override . - media: dvb_frontend: fix locking issues at dvb_frontend_get_event . - media: smiapp: fix timeout checking in smiapp_read_nvm . - media: v4l2-compat-ioctl32: prevent go past max size . - mfd: intel-lpss: Program REMAP register in PIO mode . - mips: ftrace: fix static function graph tracing . - mmc: dw_mmc: fix card threshold control configuration . - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing . - mm: hugetlb: yield when prepping struct pages . - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking . - mtd: cfi_cmdset_0002: Change definition naming to retry write operation . - mtd: cfi_cmdset_0002: Change erase functions to check chip good only . - mtd: cfi_cmdset_0002: Change erase functions to retry for error . - mtd: cfi_cmdset_0002: Change write buffer to check correct value . - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips . - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary . - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock . - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS . - mtd: partitions: add helper for deleting partition . - mtd: partitions: remove sysfs files when deleting all master"s partitions . - mtd: rawnand: mxc: set spare area size register explicitly . - net: cxgb3_main: fix potential Spectre v1 . - net: dccp: avoid crash in ccid3_hc_rx_send_feedback . - net: dccp: switch rx_tstamp_last_feedback to monotonic clock . - netfilter: ebtables: handle string from userspace with care . - netfilter: ebtables: reject non-bridge targets . - netfilter: nf_log: do not hold nf_log_mutex during user access . - netfilter: nf_queue: augment nfqa_cfg_policy . - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain . - netfilter: x_tables: initialise match/target check parameter struct . - net/mlx5: Fix command interface race in polling mode . - net/mlx5: Fix incorrect raw command length parsing . - net: mvneta: fix the Rx desc DMA address in the Rx path . - net/nfc: Avoid stalls when nfc_alloc_send_skb returned NULL . - net: off by one in inet6_pton . - net: phy: marvell: Use strlcpy for ethtool::get_strings . - net: qmi_wwan: Add Netgear Aircard 779S . - net_sched: blackhole: tell upper qdisc about dropped packets . - net/sonic: Use dma_mapping_error . - net: sungem: fix rx checksum support . - net/utils: generic inet_pton_with_scope helper . - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir . - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message . - n_tty: Access echo_* variables carefully . - n_tty: Fix stall at n_tty_receive_char_special . - null_blk: use sector_div instead of do_div . - nvme-pci: initialize queue memory before interrupts . - nvme-rdma: Check remotely invalidated rkey matches our expected rkey . - nvme-rdma: default MR page size to 4k . - nvme-rdma: do not complete requests before a send work request has completed . - nvme-rdma: do not suppress send completions . - nvme-rdma: Fix command completion race at error recovery . - nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib symmetrical . - nvme-rdma: use inet_pton_with_scope helper . - nvme-rdma: Use mr pool . - nvme-rdma: wait for local invalidation before completing a request . - ocfs2: subsystem.su_mutex is required while accessing the item- gt;ci_parent . - of: unittest: for strings, account for trailing \0 in property length field . - ovl: fix random return value on mount . - ovl: fix uid/gid when creating over whiteout . - ovl: override creds with the ones from the superblock mounter . - pci: ibmphp: Fix use-before-set in get_max_bus_speed . - pci: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume . - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP . - perf intel-pt: Fix MTC timing after overflow . - perf intel-pt: Fix packet decoding of CYC packets . - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING . - perf intel-pt: Fix Unexpected indirect branch error . - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 . - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ . - PM / hibernate: Fix oops at snapshot_write . - powerpc/64: Initialise thread_info for emergency stacks . - powerpc/64s: Exception macro for stack frame and initial register save . - powerpc/64s: Fix mce accounting for powernv . - powerpc/fadump: Unregister fadump on kexec down path . - powerpc: Machine check interrupt is a non-maskable interrupt . - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch . - powerpc/ptrace: Fix enforcement of DAWR constraints . - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG . - qed: Limit msix vectors in kdump kernel to the minimum required count . - qla2xxx: Fix inconsistent DMA mem alloc/free . - qla2xxx: Fix kernel crash due to late workqueue allocation . - qla2xxx: Fix NULL pointer derefrence for fcport search . - r8152: napi hangup fix after disconnect . - RDMA/mlx4: Discard unknown SQP work requests . - RDMA/ocrdma: Fix an error code in ocrdma_alloc_pd . - RDMA/ocrdma: Fix error codes in ocrdma_create_srq . - RDMA/ucm: Mark UCM interface as BROKEN . - rds: avoid unenecessary cong_update in loop transport . - restore cond_resched in shrink_dcache_parent . - Revert "block-cancel-workqueue-entries-on-blk_mq_freeze_queue"