ELSA-2018-1854

ELSA-2018-1854 - kernel security and bug fix update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2018-06-25

Description


[2.6.32-754.OL6]
- Update genkey [bug 25599697]

[2.6.32-754]
- [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360]
- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566899] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if requested (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman Long) [1560494]
- [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351]
- [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list (Robert S Peterson) [1569148]
- [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano Brivio) [1576586] {CVE-2018-1130}
- [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped (Stefano Brivio) [1576586] {CVE-2018-1130}

[2.6.32-753]
- [x86] vm86-32: Properly set up vm86-32 stack for task switching (Waiman Long) [1572865]
- [x86] spec_ctrl: Enable IBRS and RSB stuffing in 32-bit interrupts (Waiman Long) [1571362]
- [x86] entry/32: Fix regressions in 32-bit debug exception (Waiman Long) [1571362]

[2.6.32-752]
- [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1572487]
- [fs] fix WARNING in rmdir() (Miklos Szeredi) [1282117]
- [net] sctp: label accepted/peeled off sockets (Marcelo Leitner) [1571357]
- [net] security: export security_sk_clone (Marcelo Leitner) [1571357]

[2.6.32-751]
- [md] dm thin: fix regression that caused discards to be disabled if passdown was (Mike Snitzer) [1569377]
- [s390] configs: enable auto expoline support (Hendrik Brueckner) [1554959]
- [s390] correct nospec auto detection init order (Hendrik Brueckner) [1554959]
- [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1554959]
- [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1554959]
- [s390] add automatic detection of the spectre defense (Hendrik Brueckner) [1554959]
- [s390] move nobp parameter functions to nospec-branch.c (Hendrik Brueckner) [1554959]
- [s390] do not bypass BPENTER for interrupt system calls (Hendrik Brueckner) [1554959]
- [s390] Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1554959]
- [s390] introduce execute-trampolines for branches (Hendrik Brueckner) [1554959]
- [s390] run user space and KVM guests with modified branch prediction (Hendrik Brueckner) [1554959]
- [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1554959]
- [s390] scrub registers on kernel entry and KVM exit (Hendrik Brueckner) [1554959]
- [s390] align and prepare spectre mitigation for upstream commits (Hendrik Brueckner) [1554959]
- [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1568241]
- [net] sctp: verify size of a new chunk in _sctp_make_chunk() (Stefano Brivio) [1551908] {CVE-2018-5803}

[2.6.32-750]
- [fs] fuse: fix punching hole with unaligned end (Miklos Szeredi) [1387473] {CVE-2017-15121}
- [documentation] kdump: fix documentation about panic_on_warn to match r (Pingfan Liu) [1555196]
- [fs] Provide sane values for nlink (Leif Sahlberg) [1554342]

[2.6.32-749]
- [powerpc] pseries: Restore default security feature flags on setup (Mauricio Oliveira) [1561788]
- [powerpc] Move default security feature flags (Mauricio Oliveira) [1561788]
- [powerpc] pseries: Fix clearing of security feature flags (Mauricio Oliveira) [1561788]
- [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira) [1561788]
- [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1561788]
- [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush() (Mauricio Oliveira) [1561788]
- [powerpc] 64s: Enhance the information in cpu_show_meltdown() (Mauricio Oliveira) [1561788]
- [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1561788]
- [powerpc] pseries: Set or clear security feature flags (Mauricio Oliveira) [1561788]
- [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio Oliveira) [1561788]
- [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio Oliveira) [1561788]
- [lib] seq: Add seq_buf_printf() (Mauricio Oliveira) [1561788]
- [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration (Mauricio Oliveira) [1561786]
- [powerpc] rfi-flush: Differentiate enabled and patched flush types (Mauricio Oliveira) [1561786]
- [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio Oliveira) [1561786]
- [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again (Mauricio Oliveira) [1561786]
- [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs code (Mauricio Oliveira) [1561786]
- [x86] pti/32: Don't use trampoline stack on Xen PV (Waiman Long) [1562725]
- [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1562725]
- [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1562725]
- [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1562725]
- [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1562725]
- [x86] entry: Remove extra argument in call instruction (Waiman Long) [1562552]
- [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1557562 1562552]
- [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1558845]
- [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1558845]
- [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1558845]
- [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1558845]
- [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1558845]

[2.6.32-748]
- [mm] fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE (Bhupesh Sharma) [1494380]
- [mm] brk: fix min_brk lower bound computation for COMPAT_BRK (Bhupesh Sharma) [1494380]
- [mm] split ET_DYN ASLR from mmap ASLR (Bhupesh Sharma) [1494380]
- [s390] redefine randomize_et_dyn for ELF_ET_DYN_BASE (Bhupesh Sharma) [1494380]
- [mm] expose arch_mmap_rnd when available (Bhupesh Sharma) [1494380]
- [s390] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]
- [s390] mmap: randomize mmap base for bottom up direction (Bhupesh Sharma) [1494380]
- [powerpc] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]
- [x86] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]
- [fs] binfmt_elf: create Kconfig variable for PIE randomization (Bhupesh Sharma) [1494380]
- [fs] binfmt_elf: PIE: make PF_RANDOMIZE check comment more accurate (Bhupesh Sharma) [1494380]
- [fs] binfmt_elf: fix PIE execution with randomization disabled (Bhupesh Sharma) [1494380]
- [acpi] acpica: Support calling _REG methods within ACPI interpreter (Lenny Szubowicz) [1522849]
- [acpi] acpica: Function to test if ACPI interpreter already entered (Lenny Szubowicz) [1522849]
- [acpi] acpica: Function to test if ACPI mutex held by this thread (Lenny Szubowicz) [1522849]

[2.6.32-747]
- [fs] gfs2: Check for the end of metadata in trunc_dealloc (Robert S Peterson) [1559928]
- [fs] gfs2: clear journal live bit in gfs2_log_flush (Robert S Peterson) [1559928]
- [netdrv] vmxnet3: fix tx data ring copy for variable size (Neil Horman) [1530378]
- [mm] account skipped entries to avoid looping in find_get_pages (Dave Wysochanski) [1559386]
- [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1554631]
- [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1554631]
- [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio Oliveira) [1554630]
- [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio Oliveira) [1554630]
- [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1554630]

[2.6.32-746]
- [dm] fix race between dm_get_from_kobject() and __dm_destroy() (Mike Snitzer) [1551999] {CVE-2017-18203}
- [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1557562]
- [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1550599] {CVE-2017-5754}
- [ipmi] pick up slave address from SMBIOS on an ACPI device (Tony Camuso) [1484525]
- [ipmi] fix watchdog timeout set on reboot (Tony Camuso) [1484525]
- [ipmi] fix watchdog hang on panic waiting for ipmi response (Tony Camuso) [1484525]
- [ipmi] use smi_num for init_name (Tony Camuso) [1484525]
- [ipmi] move platform device creation earlier in the initialization (Tony Camuso) [1484525]
- [ipmi] clean up printks (Tony Camuso) [1484525]
- [ipmi] cleanup error return (Tony Camuso) [1484525]
- [md] raid0: apply base queue limits *before* disk_stack_limits (Xiao Ni) [1417294]
- [md] raid0: update queue parameter in a safer location (Xiao Ni) [1417294]
- [md] raid0: conditional mddev->queue access to suit dm-raid (Xiao Ni) [1417294]
- [md] raid0: access mddev->queue (request queue member) conditionally because it is not set when accessed from dm-raid (Xiao Ni) [1417294]

[2.6.32-745]
- [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1550599] {CVE-2017-5754}
- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548432] {CVE-2017-13166}
- [scsi] lpfc: Fix crash from memory alloc at interrupt level with GFP_KERNEL set (Dick Kennedy) [1540706]

[2.6.32-744]
- [dm] io: fix duplicate bio completion due to missing ref count (Mikulas Patocka) [1334224]
- [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson) [1399822]
- [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1399822]
- [fs] gfs2: Switch tr_touched to flag in transaction (Robert S Peterson) [1399822]

[2.6.32-743]
- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548432] {CVE-2017-13166}
- [kernel] cgroup: initialize xattr before calling d_instantiate() (Aristeu Rozanski) [1533523]
- [fs] ext*: Don't clear SGID when inheriting ACLs (Andreas Grunbacher) [1473482]
- [fs] gfs2: writeout truncated pages (Robert S Peterson) [1331076]
- [fs] export __block_write_full_page (Robert S Peterson) [1331076]
- [scsi] mark queue as PREEMPT_ONLY before setting quiesce (Ming Lei) [1462959]
- [block] call blk_queue_enter() before allocating request (Ming Lei) [1462959]
- [block] introduce blk_queue_enter() (Ming Lei) [1462959]
- [mm] shmem: replace_page must flush_dcache and others (Waiman Long) [1412337]
- [mm] shmem: replace page if mapping excludes its zone (Waiman Long) [1412337]
- [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Restore segments before int registers (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Unshare NMI return path (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1550599] {CVE-2017-5754}

[2.6.32-742]
- [mm] prevent /proc/sys/vm/percpu_pagelist_fraction divide-by-zero (Dave Anderson) [1405879]
- [fs] proc: Resolve performance issues with multiple /proc/stat reads (Prarit Bhargava) [1544565]
- [fs] nfs: fix pnfs direct write memory leak (Scott Mayhew) [1536900]
- [fs] dcache: prevent multiple shrink_dcache_parent() on the same dentry (Miklos Szeredi) [1269288]
- [fs] fifo: do not restart open() if it already found a partner (Miklos Szeredi) [1482983]
- [audit] reinstate check for failed execve (Denys Vlasenko) [1488822]
- [perf] x86/intel/uncore: Make PCI and MSR uncore independent (Jiri Olsa) [1427324]
- [perf] fix perf_event_comm() vs. exec() assumption (Jiri Olsa) [1478980]
- [lib] prevent BUG in kfree() due to memory exhaustion in __sg_alloc_table() (Larry Woodman) [1454453]
- [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1212959]
- [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1212959]
- [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1212959]
- [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1212959]
- [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1212959]
- [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1495167]
- [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1495167]
- [fs] gfs2: Defer deleting inodes under memory pressure (Andreas Grunbacher) [1255872]
- [fs] gfs2: gfs2_clear_inode, gfs2_delete_inode: Put glocks asynchronously (Andreas Grunbacher) [1255872]
- [fs] gfs2: Get rid of gfs2_set_nlink (Andreas Grunbacher) [1255872]
- [fs] add set_nlink() (Andreas Grunbacher) [1255872]
- [fs] gfs2: gfs2_glock_get: Wait on freeing glocks (Andreas Grunbacher) [1255872]
- [fs] gfs2: gfs2_create_inode: Keep glock across iput (Andreas Grunbacher) [1255872]
- [fs] gfs2: Clean up glock work enqueuing (Andreas Grunbacher) [1255872]
- [fs] gfs2: Protect gl->gl_object by spin lock (Andreas Grunbacher) [1255872]
- [fs] gfs2: Get rid of flush_delayed_work in gfs2_clear_inode (Andreas Grunbacher) [1255872]
- [fs] revert 'gfs2: Wait for iopen glock dequeues' (Andreas Grunbacher) [1255872]
- [fs] gfs2: Fixup to 'Clear gl_object if gfs2_create_inode fails' (Andreas Grunbacher) [1506281]
- [scsi] dual scan thread bug fix (Ewan Milne) [1508512]
- [scsi] fix our current target reap infrastructure (Ewan Milne) [1508512]
- [scsi] bnx2fc: Fix check in SCSI completion handler for timed out request (Chad Dupuis) [1538168]

[2.6.32-741]
- [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543091] {CVE-2017-18017}
- [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543091] {CVE-2017-18017}
- [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543091] {CVE-2017-18017}
- [net] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (Hangbin Liu) [1470559]
- [net] sctp: use the right sk after waking up from wait_buf sleep (Hangbin Liu) [1470559]
- [net] sctp: do not free asoc when it is already dead in sctp_sendmsg (Hangbin Liu) [1470559]
- [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1535024]
- [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1535024]
- [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1535024]
- [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1535024]
- [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1532167]
- [net] revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (Jesper Brouer) [1508504]
- [scsi] lpfc: fix pci hot plug crash in list_add call (Dick Kennedy) [1542773]
- [scsi] hpsa: update driver version (Joseph Szczypek) [1541517]
- [scsi] hpsa: correct resets on retried commands (Joseph Szczypek) [1541517]
- [scsi] hpsa: rescan later if reset in progress (Joseph Szczypek) [1541517]

[2.6.32-740]
- [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1535645]
- [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1535645]
- [x86] retpoline: Don't use kernel indirect thunks in vsyscalls (Waiman Long) [1535645]
- [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1535645]
- [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1535645]
- [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1535645]
- [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1535645]
- [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1535645]
- [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1535645]
- [x86] bugs: Drop one 'mitigation' from dmesg (Waiman Long) [1535645]
- [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1535645]
- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1535645]
- [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1535645]
- [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1535645]
- [x86] Use IBRS for firmware update path (Waiman Long) [1535645]
- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1535645]
- [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1535645]
- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1535645]
- [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1535645]
- [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1535645]
- [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1535645]
- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1535645]
- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1535645]
- [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1535645]
- [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1535645]
- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1535645]
- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1535645]
- [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1535645]
- [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1535645]
- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1535645]
- [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1535645]
- [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1535645]
- [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1535645]
- [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1535645]
- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1535645]
- [x86] mce: Make machine check speculation protected (Waiman Long) [1535645]
- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1535645]
- [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1535645]
- [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1535645]
- [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1535645]
- [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1535645]
- [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1535645]
- [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1535645]
- [x86] retpoline: Add initial retpoline support (Waiman Long) [1535645]
- [x86] cpu: Implement CPU vulnerabilities sysfs functions (Waiman Long) [1535645]
- [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1535645]
- [x86] cpufeatures: Add X86_BUG_SPECTRE_V(12) (Waiman Long) [1535645]
- [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1535645]
- [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1535645]
- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1535645]
- [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1535645]
- [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1535645]
- [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1535645]
- [x86] alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (Waiman Long) [1535645]
- [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1535645]
- [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1535645]
- [x86] alternatives: Document macros (Waiman Long) [1535645]
- [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1535645]
- [x86] alternatives: Add instruction padding (Waiman Long) [1535645]
- [x86] alternative: Add header guards to asm/alternative-asm.h (Waiman Long) [1535645]
- [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1535645]
- [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1535645]
- [x86] Make .altinstructions bit size neutral (Waiman Long) [1535645]

[2.6.32-739]
- [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1538543]
- [powerpc] prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira) [1538543]
- [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1538542]
- [s390] cpuinfo: show facilities as reported by stfle (Hendrik Brueckner) [1538542]
- [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik Brueckner) [1538542]
- [s390] add ppa to system call and program check path (Hendrik Brueckner) [1538542]
- [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1538542]
- [s390] introduce CPU alternatives (Hendrik Brueckner) [1538542]

[2.6.32-738]
- [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Fix XEN PV boot failure (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Eliminate redundant FEATURE Not Present messages (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] Revert 'entry: Use retpoline for syscalls indirect calls' (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel gs has been restored (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] Revert 'mm/kaiser: Disable global pages by default with KAISER' (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscalls indirect calls (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519796] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519796] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] kvm: Pad RSB on VM transition (Waiman Long) [1519796] {CVE-2017-5715}
- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] entry: Dont switch to trampoline stack in paranoid_exit (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519802] {CVE-2017-5754}
- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519789] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}
- [fs] prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519789] {CVE-2017-5753}
- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519789] {CVE-2017-5753}
- [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519789] {CVE-2017-5753}
- [x86] Add another set of MSR accessor functions (Waiman Long) [1519789] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: enable kaiser in build (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] Separate out entry text section (Waiman Long) [1519802] {CVE-2017-5754}
- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519802] {CVE-2017-5754}
- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519802] {CVE-2017-5754}
- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519802] {CVE-2017-5754}

[2.6.32-737]
- [hv] netvsc: get rid of completion timeouts (Vitaly Kuznetsov) [1538592]
- [fs] gfs2: Special case the rindex in gfs2_write_alloc_required() (Andrew Price) [1384184]
- [scsi] scsi_dh_alua: fix race condition that causes multipath to hang (Mike Snitzer) [1500192]
- [virtio] virtio-pci: fix leaks of msix_affinity_masks (Jason Wang) [1281754]
- [fs] sunrpc: avoid warning in gss_key_timeout (J. Bruce Fields) [1456594]
- [fs] sunrpc: fix RCU handling of gc_ctx field (J. Bruce Fields) [1456594]

[2.6.32-736]
- [drm] nouveau/disp/nv50-: execute supervisor on its own workqueue (Ben Skeggs) [1468825]
- [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519626] {CVE-2017-1000410}
- [scsi] storvsc: do not assume SG list is continuous when doing bounce buffers (for 4.1 and prior) (Cathy Avery) [1533175]

[2.6.32-735]
- [x86] tighten /dev/mem with zeroing reads (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}
- [char] /dev/mem: make size_inside_page() logic straight (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}
- [char] /dev/mem: cleanup unxlate_dev_mem_ptr() calls (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}
- [char] /dev/mem: introduce size_inside_page() (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}
- [char] /dev/mem: remove redundant test on len (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889}
- [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1538340]

[2.6.32-734]
- [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1518669]
- [hv] vss: Operation timeouts should match host expectation (Mohammed Gamal) [1511431]
- [hv] utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (Mohammed Gamal) [1511431]
- [hv] utils: Check VSS daemon is listening before a hot backup (Mohammed Gamal) [1511431]
- [hv] utils: Continue to poll VSS channel after handling requests (Mohammed Gamal) [1511431]
- [md] dm: clear all discard attributes in queue_limits when discards are disabled (Mike Snitzer) [1433297]
- [md] dm: discard support requires all targets in a table support discards (Mike Snitzer) [1433297]
- [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520817] {CVE-2017-8824}
- [net] tcp: fix tcp_trim_head() (Paolo Abeni) [1274139]
- [net] sctp: fix src address selection if using secondary addresses for ipv6 (Xin Long) [1445919]
- [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1470559]
- [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1470559]
- [net] tcp: fix race during timewait sk creation (Florian Westphal) [1205025]

[2.6.32-733]
- [fs] sunrpc: Revert 'sunrpc: always treat the invalid cache as unexpired' (Thiago Becker) [1532786]
- [net] dma: fix memory leak in dma_pin_iocvec_pages (Sabrina Dubroca) [1459263]
- [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1520860]
- [s390] fix transactional execution control register handling (Hendrik Brueckner) [1520862]
- [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1408108]

[2.6.32-732]
- [mm] add cpu_relax() to 'dont return 0 too early' patch (Ian Kent) [988988]
- [mm] dont return 0 too early from find_get_pages() (Ian Kent) [988988]
- [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon Maxwell) [1503322]
- [s390] cpcmd,vmcp: avoid GFP_DMA allocations (Hendrik Brueckner) [1496105]
- [fs] gfs2: Withdraw for IO errors writing to the journal or statfs (Robert S Peterson) [1505956]
- [netdrv] ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Ken Cox) [1523856]

[2.6.32-731]
- [kernel] fix __wait_on_atomic_t() to call the action func if the counter != 0 (David Howells) [1418631]
- [fs] fscache: fix dead object requeue (David Howells) [1333592 1418631]
- [fs] fscache: clear outstanding writes when disabling a cookie (David Howells) [1418631]
- [fs] fscache: initialise stores_lock in netfs cookie (David Howells) [1418631]
- [fs] cachefiles: fix attempt to read i_blocks after deleting file (David Howells) [1418631]
- [fs] cachefiles: fix race between inactivating and culling a cache object (David Howells) [1418631]
- [fs] fscache: make check_consistency callback return int (David Howells) [1418631]
- [fs] fscache: wake write waiter after invalidating writes (David Howells) [1418631]
- [fs] cachefiles: provide read-and-reset release counters for cachefilesd (David Howells) [1418631]
- [s390] disassembler: increase show_code buffer size (Hendrik Brueckner) [1516654]
- [fs] sunrpc: remove BUG_ONs checking RPC_IS_QUEUED (Dave Wysochanski) [1424630]
- [fs] nfsv4.1: nfs4_fl_prepare_ds must be careful about reporting success (Scott Mayhew) [1205448]
- [fs] cifs: add ratelimit for the log entry that causes a lockup (Leif Sahlberg) [1494999]
- [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447168]

[2.6.32-730]
- [scsi] avoid a permanent stop of the scsi devices request queue (Ewan Milne) [1513455]
- [fs] bio: more bio_map_user_iov() leak fixes (Ming Lei) [1503590] {CVE-2017-12190}
- [fs] bio: fix unbalanced page refcounting in bio_map_user_iov (Ming Lei) [1503590] {CVE-2017-12190}

[2.6.32-729]
- [scsi] bnx2fc: Fix hung task messages when a cleanup response is not received during abort (Chad Dupuis) [1504260]

[2.6.32-728]
- [mm] introduce dedicated WQ_MEM_RECLAIM workqueue to do lru_add_drain_all (Waiman Long) [1463754]
- [netdrv] cxgb4: Clear On FLASH config file after a FW upgrade (Arjun Vynipadath) [1446952]
- [netdrv] chelsio : Fixes the issue seen on initiator while stopping the target (Sai Vemuri) [1442097]
- [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1437991]
- [netdrv] cxgb4vf: dont offload Rx checksums for IPv6 fragments (Davide Caratti) [1427036]
- [scsi] qla2xxx: Get mutex lock before checking optrom_state (Himanshu Madhani) [1408549]

[2.6.32-727]
- [net] sctp: do not loose window information if in rwnd_over (Marcelo Leitner) [1492220]
- [net] sctp: fix recovering from 0 win with small data chunks (Marcelo Leitner) [1492220]

[2.6.32-726]
- [s390] qdio: clear DSCI prior to scanning multiple input queues (Hendrik Brueckner) [1467962]

[2.6.32-725]
- [s390] zfcp: fix erp_action use-before-initialize in REC action trace (Hendrik Brueckner) [1497000]
- [ipmi] create hardware-independent softdep for ipmi_devintf (Tony Camuso) [1457915]

[2.6.32-724]
- [fs] nfsd: reorder nfsd_cache_match to check more powerful discriminators first (Thiago Becker) [1435787]
- [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago Becker) [1435787]
- [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker) [1435787]
- [fs] nfsd: remove the cache_hash list (Thiago Becker) [1435787]
- [fs] nfsd: convert the lru list into a per-bucket thing (Thiago Becker) [1435787]
- [fs] nfsd: clean up drc cache in preparation for global spinlock elimination (Thiago Becker) [1435787]

[2.6.32-723]
- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly Kuznetsov) [1491846]
- [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846]
- [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly Kuznetsov) [1491846]
- [hv] vmbus: Reduce the delay between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846]

[2.6.32-722]
- [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1497152]
- [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476124] {CVE-2017-11176}

[2.6.32-721]
- [char] ipmi: use rcu lock around call to intf->handlers->sender() (Tony Camuso) [1466034]
- [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481943] {CVE-2017-1000111}
- [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1484946] {CVE-2017-7308}
- [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1484946] {CVE-2017-7308}
- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492961] {CVE-2017-1000253}
- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492961] {CVE-2017-1000253}

[2.6.32-720]
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488340] {CVE-2017-14106}
- [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488340] {CVE-2017-14106}
- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Matteo Croce) [1477006] {CVE-2017-7542}
- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo Croce) [1477006] {CVE-2017-7542}
- [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481529] {CVE-2017-1000112}
- [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112}
- [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112}

[2.6.32-719]
- [fs] nfs: dont disconnect open-owner on NFS4ERR_BAD_SEQID (Dave Wysochanski) [1459636]
- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490062] {CVE-2017-1000251}

[2.6.32-718]
- [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1477288]
- [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1477288]

[2.6.32-717]
- [video] efifb: allow user to disable write combined mapping (Dave Airlie) [1465097]

[2.6.32-716]
- [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1441773]
- [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474782] {CVE-2017-7541}
- [scsi] lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [1441169]
- [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1441169]
- [scsi] lpfc: Vport creation is failing with 'Link Down' error (Maurizio Lombardi) [1441169]
- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1441169]
- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1441169]
- [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1441169]

[2.6.32-715]
- [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand) [1466530]

[2.6.32-714]
- [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode (Robert S Peterson) [1464541]
- [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S Peterson) [1464541]
- [fs] gfs2: set gl_object in inode lookup only after block type check (Robert S Peterson) [1464541]
- [fs] gfs2: introduce helpers for setting and clearing gl_object (Robert S Peterson) [1464541]

[2.6.32-713]
- [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1459951] {CVE-2017-9074}
- [net] gre: fix a possible skb leak (Sabrina Dubroca) [1459951] {CVE-2017-9074}
- [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Sabrina Dubroca) [1459951] {CVE-2017-9074}
- [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina Dubroca) [1459951] {CVE-2017-9074}
- [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina Dubroca) [1459951] {CVE-2017-9074}

[2.6.32-712]
- [mm] backport upstream large stack guard patch to RHEL6 (Larry Woodman) [1464237 1452730] {CVE-2017-1000364}
- [mm] revert 'enlarge stack guard gap' (Larry Woodman) [1452730] {CVE-2017-1000364}
- [mm] revert 'allow JVM to implement its own stack guard pages' (Larry Woodman) [1464237]

[2.6.32-711]
- [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1459978]
- [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1452358]

[2.6.32-710]
- [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1464237]
- [mm] enlarge stack guard gap (Larry Woodman) [1452730] {CVE-2017-1000364}

[2.6.32-709]
- [netdrv] bnxt_en: Update to firmware interface spec 1.5.1 (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Added support for Secure Firmware Update (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Add support for firmware updates for additional processors (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Update firmware spec. to 1.3.0 (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Add support for updating flash more securely (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Request firmware reset after successful firwmare update (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Add hwrm_send_message_silent() (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Add installed-package firmware version reporting via Ethtool GDRVINFO (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Reset embedded processor after applying firmware upgrade (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Add support for upgrading APE/NC-SI firmware via Ethtool FLASHDEV (Jonathan Toppins) [1439450]
- [net] sctp: do not inherit ipv6_(mc|ac|fl)_list from parent (Florian Westphal) [1455612] {CVE-2017-9075}
- [net] ipv6/dccp: do not inherit ipv6_mc_list from parent (Florian Westphal) [1455612] {CVE-2017-9076 CVE-2017-9077}
- [net] dccp/tcp: do not inherit mc_list from parent (Florian Westphal) [1455612] {CVE-2017-8890}
- [net] ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new socket (Florian Westphal) [1455612]

[2.6.32-708]
- [fs] sunrpc: Enable the keepalive option for TCP sockets (Dave Wysochanski) [1458421]
- [mm] mempolicy.c: fix error handling in set_mempolicy and mbind (Bruno E. O. Meneguele) [1443539] {CVE-2017-7616}
- [s390] zfcp: fix use-after-'free' in FC ingress path after TMF (Hendrik Brueckner) [1421762]
- [scsi] scsi_transport_srp: Fix a race condition (Don Dutile) [1417305]
- [scsi] scsi_transport_srp: Introduce srp_wait_for_queuecommand() (Don Dutile) [1417305]
- [block] make blk_cleanup_queue() wait until request_fn finished (Don Dutile) [1417305]

[2.6.32-707]
- [kernel] audit: acquire creds selectively to reduce atomic op overhead (Paul Moore) [1454847]
- [s390] kernel: initial cr0 bits (Hendrik Brueckner) [1445326]
- [s390] zfcp: do not trace pure benign residual HBA responses at default level (Hendrik Brueckner) [1421760]
- [s390] zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1421761]

[2.6.32-706]
- [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1442030]
- [scsi] bnx2fc: fix race condition in bnx2fc_get_host_stats() (Maurizio Lombardi) [1393672]

[2.6.32-705]
- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [1446755] {CVE-2017-7895}
- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup (J. Bruce Fields) [1446755] {CVE-2017-7895}
- [perf] fix concurrent sys_perf_event_open() vs move_group race (Jiri Olsa) [1434751] {CVE-2017-6001}
- [perf] remove confusing comment and move put_ctx() (Jiri Olsa) [1434751] {CVE-2017-6001}
- [perf] restructure perf syscall point of no return (Jiri Olsa) [1434751] {CVE-2017-6001}
- [perf] fix move_group() order (Jiri Olsa) [1434751] {CVE-2017-6001}
- [perf] generalize event->group_flags (Jiri Olsa) [1434751] {CVE-2017-6001}
- [scsi] libfc: quarantine timed out xids (Chris Leech) [1431440]

[2.6.32-704]
- [fs] sunrpc: Ensure that we wait for connections to complete before retrying (Dave Wysochanski) [1448170]
- [net] ipv6: check raw payload size correctly in ioctl (Jamie Bainbridge) [1441909]

[2.6.32-703]
- [fs] nfsv4: fix getacl ERANGE for some ACL buffer sizes (J. Bruce Fields) [869942]
- [fs] nfsv4: fix getacl head length estimation (J. Bruce Fields) [869942]

[2.6.32-702]
- [fs] xfs: handle array index overrun in xfs_dir2_leaf_readbuf() (Carlos Maiolino) [1440361]
- [net] ping: implement proper locking (Jakub Sitnicki) [1438999] {CVE-2017-2671}
- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430578] {CVE-2017-6214}
- [net] ipv6: ip6_fragment: fix headroom tests and skb leak (Hannes Frederic Sowa) [1412331]

[2.6.32-701]
- [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1146727]
- [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1434560]

[2.6.32-700]
- [mm] hugetlb: check for pte NULL pointer in page_check_address() (Herton R. Krzesinski) [1431508]
- [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1436527]
- [crypto] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398456] {CVE-2016-8650}
- [fs] aio: properly check iovec sizes (Mateusz Guzik) [1337517] {CVE-2015-8830}
- [fs] vfs: make AIO use the proper rw_verify_area() area helpers (Mateusz Guzik) [1337535] {CVE-2012-6701}

[2.6.32-699]
- [scsi] lpfc: update for r 11.0.0.6 (Maurizio Lombardi) [1429881]
- [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1429881]

[2.6.32-698]
- [sched] fair: Rework throttle_count sync (Jiri Olsa) [1250762]
- [sched] fair: Reorder cgroup creation code (Jiri Olsa) [1250762]
- [sched] fair: Initialize throttle_count for new task-groups lazily (Jiri Olsa) [1250762]
- [sched] fair: Do not announce throttled next buddy in dequeue_task_fair() (Jiri Olsa) [1250762]

[2.6.32-697]
- [block] fix use-after-free in seq file (Denys Vlasenko) [1418549] {CVE-2016-7910}
- [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1425749]
- [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1360930]
- [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429918] {CVE-2017-2636}


Related CVEs


CVE-2016-8650
CVE-2017-6001
CVE-2017-8890
CVE-2017-7308
CVE-2017-9077
CVE-2017-2671
CVE-2017-7616
CVE-2017-7889
CVE-2017-9076
CVE-2017-9075
CVE-2017-12190
CVE-2017-15121
CVE-2017-18203
CVE-2018-3639
CVE-2012-6701
CVE-2015-8830
CVE-2018-5803
CVE-2018-1130

Updated Packages


Release/Architecture: Oracle Linux 6 (i386)

Filename  MD5sum  Superseded By Advisory
kernel-2.6.32-754.el6.src.rpm  e650c62dbe6c1b98f40a847feb996bcb  ELSA-2021-9212
kernel-2.6.32-754.el6.i686.rpm  010c548063c56cb306310aa43d7403a7  ELSA-2021-9212
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm  09df12d88a725583db4ee7b4456ed5d5  ELSA-2021-9212
kernel-debug-2.6.32-754.el6.i686.rpm  fc3a53aa417524c337a3773445381116  ELSA-2021-9212
kernel-debug-devel-2.6.32-754.el6.i686.rpm  3d372b9c0e130ccf76f8ac15680a1d89  ELSA-2021-9212
kernel-devel-2.6.32-754.el6.i686.rpm  05616fb19131eb310c29bf57b497a374  ELSA-2021-9212
kernel-doc-2.6.32-754.el6.noarch.rpm  b14d82e0d8b819b35094ae91462f8551  ELSA-2021-9212
kernel-firmware-2.6.32-754.el6.noarch.rpm  68f3ac95aee3bfe330f3d1f0ca91d03f  ELSA-2021-9212
kernel-headers-2.6.32-754.el6.i686.rpm  6a9ba1801a30b55facf479375d616a37  ELSA-2021-9212
perf-2.6.32-754.el6.i686.rpm  b6f4fc55b16d7f3025b25c673b673f0c  ELSA-2021-9212
python-perf-2.6.32-754.el6.i686.rpm  5e6bfc6262459ccc363482901defdbc1  ELSA-2021-9212

Release/Architecture: Oracle Linux 6 (x86_64)

Filename  MD5sum  Superseded By Advisory
kernel-2.6.32-754.el6.src.rpm  e650c62dbe6c1b98f40a847feb996bcb  ELSA-2021-9212
kernel-2.6.32-754.el6.x86_64.rpm  bcb4a53b157e9be31f6ce8febe0f1126  ELSA-2021-9212
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm  09df12d88a725583db4ee7b4456ed5d5  ELSA-2021-9212
kernel-debug-2.6.32-754.el6.x86_64.rpm  241fc71f1945acee995b8c894002685f  ELSA-2021-9212
kernel-debug-devel-2.6.32-754.el6.i686.rpm  3d372b9c0e130ccf76f8ac15680a1d89  ELSA-2021-9212
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm  fa131d5d8975afdbadb1e3a338d2ea6a  ELSA-2021-9212
kernel-devel-2.6.32-754.el6.x86_64.rpm  09dd4cafabd328d4a3684f7c94277c8e  ELSA-2021-9212
kernel-doc-2.6.32-754.el6.noarch.rpm  b14d82e0d8b819b35094ae91462f8551  ELSA-2021-9212
kernel-firmware-2.6.32-754.el6.noarch.rpm  68f3ac95aee3bfe330f3d1f0ca91d03f  ELSA-2021-9212
kernel-headers-2.6.32-754.el6.x86_64.rpm  bd8182358753f0ddf8b3d81c4580d37c  ELSA-2021-9212
perf-2.6.32-754.el6.x86_64.rpm  905f1e3c6ad11edcabece66af783f2bc  ELSA-2021-9212
python-perf-2.6.32-754.el6.x86_64.rpm  f9ff7ac4484f9e262a3993314501605c  ELSA-2021-9212



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
