The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive various security and bug fixes.
The following security bugs were fixed:
CVE-2018-16597: Incorrect access checking in overlayfs mounts could have been
used by local attackers to modify or truncate files in the underlying
filesystem (bnc#1106512).
CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when
mounting and operating a crafted btrfs image, caused by a lack of block group
item validation in check_leaf_item (bsc#1102896).
CVE-2018-14617: Prevent NULL pointer dereference and panic in
hfsplus_lookup() when opening a file (that is purportedly a hard link) in an
hfs+ filesystem that has malformed catalog data, and is mounted read-only
without a metadata directory (bsc#1102870).
CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in
yurex_read allowed local attackers to use user access read/writes to crash the
kernel or potentially escalate privileges (bsc#1106095).
CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of
service (memory consumption) via many read accesses to files in the
/sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).
CVE-2018-7480: The blkcg_init_queue function allowed local users to cause a
denial of service (double free) or possibly have unspecified other impact by
triggering a creation failure (bsc#1082863).
CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread creation,
map, unmap, invalidation, and dereference operations (bnc#1108399).
The following non-security bugs were fixed:
asm/sections: add helpers to check for section data (bsc#1063026).
ASoC: wm8994: Fix missing break in switch (bnc#1012382).
block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979).
bpf: fix overflow in prog accounting (bsc#1012382).
btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bnc#1012382).
btrfs: replace: Reset on-disk dev stats value after replace (bnc#1012382).
btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096).
btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
Follow-up fix for patches.arch/01-jumplabel-reduce-the-size-of-struct-statickey-kabi.patch (bsc#1108803).
fork: do not copy inconsistent signal handler state to child (bnc#1012382).
fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (bnc#1012382).
genirq: Delay incrementing interrupt count if it's disabled/pending (bnc#1012382).
growcache: we still have code which uses both __GFP_ZERO and constructors. The code seems to be correct and the warning does more harm than good, so revert for the meantime until we catch offenders (bnc#1110297).
hfsplus: do not return 0 when fill_super() failed (bnc#1012382).
hfs: prevent crash on exit from failed search (bnc#1012382).
ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562).
ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bnc#1012382).
irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bnc#1012382).
irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() (bnc#1012382).
kabi protect hnae_ae_ops (bsc#1107924).
kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382).
l2tp: cast l2tp traffic counter to unsigned (bsc#1099810).
mei: me: allow runtime pm for platform with D0i3 (bnc#1012382).
mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382).
mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382).
net/9p: fix error path of p9_virtio_probe (bnc#1012382).
net: bcmgenet: use MAC link status for fixed phy (bnc#1012382).
net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108240).
net: ena: fix device destruction to gracefully free resources (bsc#1108240).
net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240).
net: ena: fix incorrect usage of memory barriers (bsc#1108240).
net: ena: fix missing calls to READ_ONCE (bsc#1108240).
net: ena: fix missing lock during device destruction (bsc#1108240).