SUSE-SU-2018:1374-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20181374-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1374-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:1374-1
Published
2018-05-22T13:21:02Z
Modified
2018-05-22T13:21:02Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes.

The following security bugs were fixed:

  • CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).

    A new boot command-line option was introduced, 'spec_store_bypass_disable', which can have the following values:

    • auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.
    • on: disable Speculative Store Bypass
    • off: enable Speculative Store Bypass
    • prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork.
    • seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out.

    The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.

    Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:

    • 'Vulnerable'
    • 'Mitigation: Speculative Store Bypass disabled'
    • 'Mitigation: Speculative Store Bypass disabled via prctl'
    • 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'
  • CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via the 'modify_user_hw_breakpoint' routine. An unprivileged user/process could use this flaw to crash the system kernel, resulting in DoS, or to potentially escalate privileges on the system (bsc#1089895).

  • CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755).
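
For the 'prctl' and 'seccomp' modes described under CVE-2018-3639, a program that handles untrusted input can opt its own thread into the mitigation. The following is an added example, not code from the advisory or from SUSE; the PR_* constants are the ones in the kernel's <linux/prctl.h>, and every ssb_* name is hypothetical and belongs to this example only.

```c
#include <stdio.h>
#include <sys/prctl.h>
/* Kernel constants from <linux/prctl.h>, defined here for hosts with older headers. */
#ifndef PR_SPEC_STORE_BYPASS
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif

enum ssb_state { SSB_UNSUPPORTED, SSB_NOT_AFFECTED, SSB_MITIGATED,
                 SSB_OPT_IN_POSSIBLE, SSB_NO_THREAD_CONTROL };

/* Decode the result of prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS). */
enum ssb_state ssb_decode(int ret)
{
    unsigned long bits = (unsigned long)ret;
    if (ret < 0)  return SSB_UNSUPPORTED;      /* kernel lacks the control */
    if (ret == 0) return SSB_NOT_AFFECTED;     /* no SSB on this CPU */
    if (bits & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE))
        return SSB_MITIGATED;                  /* SSB already off for this thread */
    if (bits & PR_SPEC_PRCTL)
        return SSB_OPT_IN_POSSIBLE;            /* SSB on, prctl may turn it off */
    return SSB_NO_THREAD_CONTROL;              /* SSB on, prctl cannot change it */
}

/* Opt the calling thread in; returns 0 if protected afterwards, else -1. */
int ssb_opt_in(void)
{
    unsigned long which = PR_SPEC_STORE_BYPASS;
    enum ssb_state s = ssb_decode(prctl(PR_GET_SPECULATION_CTRL, which, 0UL, 0UL, 0UL));
    if (s == SSB_NOT_AFFECTED || s == SSB_MITIGATED) return 0;
    if (s != SSB_OPT_IN_POSSIBLE) return -1;
    if (prctl(PR_SET_SPECULATION_CTRL, which, PR_SPEC_DISABLE, 0UL, 0UL) != 0) return -1;
    /* Read the state back instead of assuming the request took effect. */
    s = ssb_decode(prctl(PR_GET_SPECULATION_CTRL, which, 0UL, 0UL, 0UL));
    return s == SSB_MITIGATED ? 0 : -1;
}

int main(void)
{
    /* Call early, before untrusted input; the setting is inherited on fork. */
    int rc = ssb_opt_in();
    printf("SSB mitigation for this thread: %s\n", rc == 0 ? "active" : "NOT active");
    return rc == 0 ? 0 : 1;
}
```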

The following non-security bugs were fixed:

  • x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK (bsc#1093215).
  • x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
  • x86/cpu/intel: Introduce macros for Intel family numbers (bsc#985025).
  • x86/cpu/intel: Introduce macros for Intel family numbers (bsc985025).
  • x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845).
Affected packages

SUSE:Linux Enterprise Module for Public Cloud 12 / kernel-ec2

Package

Name
kernel-ec2
Purl
purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.61-52.133.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-ec2-extra": "3.12.61-52.133.1",
            "kernel-ec2": "3.12.61-52.133.1",
            "kernel-ec2-devel": "3.12.61-52.133.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.61-52.133.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.133.1",
            "kernel-devel": "3.12.61-52.133.1",
            "kernel-default-base": "3.12.61-52.133.1",
            "kernel-default-man": "3.12.61-52.133.1",
            "kernel-xen-devel": "3.12.61-52.133.1",
            "kernel-default": "3.12.61-52.133.1",
            "kernel-source": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1",
            "kernel-xen-base": "3.12.61-52.133.1",
            "kernel-syms": "3.12.61-52.133.1",
            "kernel-default-devel": "3.12.61-52.133.1",
            "kernel-xen": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-default": "1-1.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.61-52.133.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.133.1",
            "kernel-devel": "3.12.61-52.133.1",
            "kernel-default-base": "3.12.61-52.133.1",
            "kernel-default-man": "3.12.61-52.133.1",
            "kernel-xen-devel": "3.12.61-52.133.1",
            "kernel-default": "3.12.61-52.133.1",
            "kernel-source": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1",
            "kernel-xen-base": "3.12.61-52.133.1",
            "kernel-syms": "3.12.61-52.133.1",
            "kernel-default-devel": "3.12.61-52.133.1",
            "kernel-xen": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-default": "1-1.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.61-52.133.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.133.1",
            "kernel-devel": "3.12.61-52.133.1",
            "kernel-default-base": "3.12.61-52.133.1",
            "kernel-default-man": "3.12.61-52.133.1",
            "kernel-xen-devel": "3.12.61-52.133.1",
            "kernel-default": "3.12.61-52.133.1",
            "kernel-source": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1",
            "kernel-xen-base": "3.12.61-52.133.1",
            "kernel-syms": "3.12.61-52.133.1",
            "kernel-default-devel": "3.12.61-52.133.1",
            "kernel-xen": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-default": "1-1.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.12.61-52.133.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.133.1",
            "kernel-devel": "3.12.61-52.133.1",
            "kernel-default-base": "3.12.61-52.133.1",
            "kernel-default-man": "3.12.61-52.133.1",
            "kernel-xen-devel": "3.12.61-52.133.1",
            "kernel-default": "3.12.61-52.133.1",
            "kernel-source": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1",
            "kernel-xen-base": "3.12.61-52.133.1",
            "kernel-syms": "3.12.61-52.133.1",
            "kernel-default-devel": "3.12.61-52.133.1",
            "kernel-xen": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-default": "1-1.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kgraft-patch-SLE12_Update_35

Package

Name
kgraft-patch-SLE12_Update_35
Purl
purl:rpm/suse/kgraft-patch-SLE12_Update_35&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-1.5.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.133.1",
            "kernel-devel": "3.12.61-52.133.1",
            "kernel-default-base": "3.12.61-52.133.1",
            "kernel-default-man": "3.12.61-52.133.1",
            "kernel-xen-devel": "3.12.61-52.133.1",
            "kernel-default": "3.12.61-52.133.1",
            "kernel-source": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-xen": "1-1.5.1",
            "kernel-xen-base": "3.12.61-52.133.1",
            "kernel-syms": "3.12.61-52.133.1",
            "kernel-default-devel": "3.12.61-52.133.1",
            "kernel-xen": "3.12.61-52.133.1",
            "kgraft-patch-3_12_61-52_133-default": "1-1.5.1"
        }
    ]
}