The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes (bnc#1129179).
CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728).
CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).
CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing a guest user/process to crash the host kernel (bsc#1124732).
CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).
CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036).
The following non-security bugs were fixed:
acpi/nfit: Block function zero DSMs (bsc#1123321).
acpi, nfit: Fix ARS overflow continuation (bsc#1125000).
acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775).
batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382).
batman-adv: Force mac header to start of data on xmit (bnc#1012382).
blockdev: fix crash on chained bios with O_DIRECT (bsc#1090435).
block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893).
block/loop: Use global lock for ioctl() operation (bnc#1012382).
block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).
bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382).
bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).
bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382).
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452).
btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
btrfs: tree-checker: Fix misleading group system information (bnc#1012382).
btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).
btrfs: validate type when reading a chunk (bnc#1012382).
btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
can: bcm: check timer values before ktime conversion (bnc#1012382).
can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382).
can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773).
ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809).
ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).
powerpc/smp: Rework CPU topology construction (bsc#1109695).
powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382).
powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).
powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
pppoe: fix reception of frames with no mac header (git-fixes).
pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes).
proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).
pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080).
pstore/ram: Do not treat empty buffers as valid (bnc#1012382).
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382).
r8169: Add support for new Realtek Ethernet (bnc#1012382).
rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125808).
rcu: Force boolean subscript for expedited stall warnings (bnc#1012382).
RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413).
RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446).
Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
Revert 'cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)' (bnc#1012382).
Revert 'exec: load_script: do not blindly truncate shebang string' (bnc#1012382).
Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G' (bnc#1012382).
Revert 'loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()' (bnc#1012382).
Revert 'loop: Fold __loop_release into loop_release' (bnc#1012382).
Revert 'loop: Get rid of loop_index_mutex' (bnc#1012382).
Revert 'mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).' The backport patch does not build properly.
Revert 'mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL' (bnc#1012382).
Revert 'net: stmmac: Fix a race in EEE enable callback (git-fixes).' This reverts commit f323fa8d233c1f44aff17e6fae90c2c8be30edf9. The patch was already included in stable 4.4.176.
Revert 'sd: disable logical block provisioning if 'lbpme' is not set' This reverts commit 96370bd87299c7a6883b3e2bf13818f60c8ba611. Patch not accepted upstream.
Revert 'x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls' (bsc#1128565).