[SUSE-SU-2018:1375-1] Security update for the Linux Kernel
Severity
Important
Affected Packages
21
CVEs
3
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature
in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).A new boot commandline option was introduced,
'spec_store_bypass_disable', which can have following values:- auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.
- on: disable Speculative Store Bypass
- off: enable Speculative Store Bypass
- prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork.
- seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out.
The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.
Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:
- 'Vulnerable'
- 'Mitigation: Speculative Store Bypass disabled'
- 'Mitigation: Speculative Store Bypass disabled via prctl'
- 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'
CVE-2018-1000199: An address corruption flaw was discovered while
modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an
unprivileged user/process could use this flaw to crash the system kernel
resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed
local users to cause a denial of service (use-after-free) or possibly
have unspecified other impact via crafted system calls (bnc#1091755).
The following non-security bugs were fixed:
- x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK (bsc#1093215).
- x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
- x86/cpu/intel: Introduce macros for Intel family numbers (bsc#985025).
- x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845).
- ID
- SUSE-SU-2018:1375-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2018/suse-su-20181375-1/
- Published
-
2018-05-22T11:30:24
(6 years ago) - Modified
-
2018-05-22T11:30:24
(6 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2018-1023
-
ALAS-2018-1034
-
ALAS-2018-1037
-
ALAS-2018-1038
-
ALAS-2018-1039
-
ALAS2-2018-1023
-
ALAS2-2018-1033
-
ALAS2-2018-1034
-
ALAS2-2018-1037
-
ALAS2-2018-1038
-
ALAS2-2018-1039
-
ALAS2-2018-1049
-
ALAS2-2018-994
-
ALPINE:CVE-2018-3639
-
CISCO-SA-20180521-CPUSIDECHANNEL
-
DSA-4187-1
-
DSA-4188-1
-
DSA-4210-1
-
DSA-4273-1
-
DSA-4273-2
-
ELSA-2018-1318
-
ELSA-2018-1629
-
ELSA-2018-1632
-
ELSA-2018-1633
-
ELSA-2018-1647
-
ELSA-2018-1648
-
ELSA-2018-1649
-
ELSA-2018-1650
-
ELSA-2018-1651
-
ELSA-2018-1660
-
ELSA-2018-1669
-
ELSA-2018-1854
-
ELSA-2018-1965
-
ELSA-2018-1997
-
ELSA-2018-2001
-
ELSA-2018-2162
-
ELSA-2018-2164
-
ELSA-2018-2384
-
ELSA-2018-4114
-
ELSA-2018-4126
-
ELSA-2018-4134
-
ELSA-2018-4145
-
ELSA-2018-4198
-
ELSA-2018-4211
-
ELSA-2018-4214
-
ELSA-2018-4235
-
ELSA-2018-4285
-
ELSA-2018-4289
-
ELSA-2019-4531
-
ELSA-2019-4585
-
FEDORA-2018-0edb45d9db
-
FEDORA-2018-1621b2204a
-
FEDORA-2018-1a467757ce
-
FEDORA-2018-1c80fea1cd
-
FEDORA-2018-2a0f8b2c9d
-
FEDORA-2018-2b053454a4
-
FEDORA-2018-2c6bd93875
-
FEDORA-2018-2ee3411cb8
-
FEDORA-2018-2f6df9abfb
-
FEDORA-2018-3857a8b41a
-
FEDORA-2018-44f8a7454d
-
FEDORA-2018-49bda79bd5
-
FEDORA-2018-50075276e8
-
FEDORA-2018-527698a904
-
FEDORA-2018-537c8312fc
-
FEDORA-2018-5521156807
-
FEDORA-2018-59e4747e0f
-
FEDORA-2018-6367a17aa3
-
FEDORA-2018-683dfde81a
-
FEDORA-2018-6c1be5e1c8
-
FEDORA-2018-6e8c330d50
-
FEDORA-2018-73dd8de892
-
FEDORA-2018-74fb8b257b
-
FEDORA-2018-79d7c3d2df
-
FEDORA-2018-8422d94975
-
FEDORA-2018-8484550fff
-
FEDORA-2018-915602df63
-
FEDORA-2018-93af520878
-
FEDORA-2018-93c2e74446
-
FEDORA-2018-94315e9a6b
-
FEDORA-2018-9d0e4e40b5
-
FEDORA-2018-9f02e5ed7b
-
FEDORA-2018-9f4381d8c4
-
FEDORA-2018-a0914af224
-
FEDORA-2018-a7862a75f5
-
FEDORA-2018-aec846c0ef
-
FEDORA-2018-b57db4753c
-
FEDORA-2018-b68776e5b0
-
FEDORA-2018-b997780dca
-
FEDORA-2018-bb7aab12cb
-
FEDORA-2018-c0a1284064
-
FEDORA-2018-c449dc1c9c
-
FEDORA-2018-ca0e10fc6e
-
FEDORA-2018-cc812838fb
-
FEDORA-2018-d3cb6f113c
-
FEDORA-2018-d77cc41f35
-
FEDORA-2018-d82a45d9ab
-
FEDORA-2018-d92fde52d7
-
FEDORA-2018-db0d3e157e
-
FEDORA-2018-ddbaca855e
-
FEDORA-2018-e820fccd83
-
FEDORA-2018-e8f793bbfc
-
FEDORA-2018-f1b818a5c9
-
FEDORA-2018-f20a0cead5
-
FEDORA-2018-f8cba144ae
-
FEDORA-2018-fe24359b69
-
FEDORA-2019-16de0047d4
-
FEDORA-2019-196ab64d65
-
FEDORA-2019-1b986880ea
-
FEDORA-2019-20a89ca9af
-
FEDORA-2019-337484d88b
-
FEDORA-2019-3854a1727e
-
FEDORA-2019-3da64f3e61
-
FEDORA-2019-3f9a71578d
-
FEDORA-2019-4002b91800
-
FEDORA-2019-509c133845
-
FEDORA-2019-65c6d11eba
-
FEDORA-2019-6e146a714c
-
FEDORA-2019-7d3500d712
-
FEDORA-2019-8f2b27efce
-
FEDORA-2019-a6cd583a8d
-
FEDORA-2019-a87aba290f
-
FEDORA-2019-bce6498890
-
FEDORA-2019-c36afa818c
-
FEDORA-2019-c701e6605a
-
FEDORA-2019-ce2933b003
-
FEDORA-2019-ec644ec323
-
openSUSE-SU-2019:1438-1
-
openSUSE-SU-2020:0801-1
-
openSUSE-SU-2020:1325-1
-
RHSA-2018:1318
-
RHSA-2018:1355
-
RHSA-2018:1629
-
RHSA-2018:1630
-
RHSA-2018:1632
-
RHSA-2018:1633
-
RHSA-2018:1647
-
RHSA-2018:1648
-
RHSA-2018:1649
-
RHSA-2018:1650
-
RHSA-2018:1651
-
RHSA-2018:1660
-
RHSA-2018:1669
-
RHSA-2018:1854
-
RHSA-2018:1965
-
RHSA-2018:1997
-
RHSA-2018:2001
-
RHSA-2018:2003
-
RHSA-2018:2162
-
RHSA-2018:2164
-
RHSA-2018:2384
-
RHSA-2018:2395
-
SSA:2018-208-01
-
SUSE-SU-2018:1222-1
-
SUSE-SU-2018:1223-1
-
SUSE-SU-2018:1224-1
-
SUSE-SU-2018:1225-1
-
SUSE-SU-2018:1226-1
-
SUSE-SU-2018:1227-1
-
SUSE-SU-2018:1228-1
-
SUSE-SU-2018:1229-1
-
SUSE-SU-2018:1230-1
-
SUSE-SU-2018:1231-1
-
SUSE-SU-2018:1232-1
-
SUSE-SU-2018:1233-1
-
SUSE-SU-2018:1234-1
-
SUSE-SU-2018:1235-1
-
SUSE-SU-2018:1236-1
-
SUSE-SU-2018:1237-1
-
SUSE-SU-2018:1238-1
-
SUSE-SU-2018:1239-1
-
SUSE-SU-2018:1240-1
-
SUSE-SU-2018:1241-1
-
SUSE-SU-2018:1242-1
-
SUSE-SU-2018:1243-1
-
SUSE-SU-2018:1244-1
-
SUSE-SU-2018:1245-1
-
SUSE-SU-2018:1246-1
-
SUSE-SU-2018:1247-1
-
SUSE-SU-2018:1248-1
-
SUSE-SU-2018:1249-1
-
SUSE-SU-2018:1250-1
-
SUSE-SU-2018:1251-1
-
SUSE-SU-2018:1252-1
-
SUSE-SU-2018:1253-1
-
SUSE-SU-2018:1254-1
-
SUSE-SU-2018:1255-1
-
SUSE-SU-2018:1256-1
-
SUSE-SU-2018:1257-1
-
SUSE-SU-2018:1258-1
-
SUSE-SU-2018:1259-1
-
SUSE-SU-2018:1260-1
-
SUSE-SU-2018:1261-1
-
SUSE-SU-2018:1262-1
-
SUSE-SU-2018:1263-1
-
SUSE-SU-2018:1264-1
-
SUSE-SU-2018:1266-1
-
SUSE-SU-2018:1267-1
-
SUSE-SU-2018:1268-1
-
SUSE-SU-2018:1269-1
-
SUSE-SU-2018:1270-1
-
SUSE-SU-2018:1272-1
-
SUSE-SU-2018:1273-1
-
SUSE-SU-2018:1362-1
-
SUSE-SU-2018:1362-2
-
SUSE-SU-2018:1363-1
-
SUSE-SU-2018:1366-1
-
SUSE-SU-2018:1368-1
-
SUSE-SU-2018:1374-1
-
SUSE-SU-2018:1376-1
-
SUSE-SU-2018:1377-1
-
SUSE-SU-2018:1377-2
-
SUSE-SU-2018:1378-1
-
SUSE-SU-2018:1386-1
-
SUSE-SU-2018:1389-1
-
SUSE-SU-2018:1452-1
-
SUSE-SU-2018:1456-1
-
SUSE-SU-2018:1475-1
-
SUSE-SU-2018:1479-1
-
SUSE-SU-2018:1508-1
-
SUSE-SU-2018:1525-1
-
SUSE-SU-2018:1550-1
-
SUSE-SU-2018:1551-1
-
SUSE-SU-2018:1582-1
-
SUSE-SU-2018:1603-1
-
SUSE-SU-2018:1614-1
-
SUSE-SU-2018:1614-2
-
SUSE-SU-2018:1658-1
-
SUSE-SU-2018:1699-1
-
SUSE-SU-2018:1699-2
-
SUSE-SU-2018:1816-1
-
SUSE-SU-2018:1846-1
-
SUSE-SU-2018:1855-1
-
SUSE-SU-2018:1855-2
-
SUSE-SU-2018:1926-1
-
SUSE-SU-2018:1935-1
-
SUSE-SU-2018:1935-2
-
SUSE-SU-2018:2076-1
-
SUSE-SU-2018:2082-1
-
SUSE-SU-2018:2092-1
-
SUSE-SU-2018:2141-1
-
SUSE-SU-2018:2304-1
-
SUSE-SU-2018:2331-1
-
SUSE-SU-2018:2331-2
-
SUSE-SU-2018:2335-1
-
SUSE-SU-2018:2338-1
-
SUSE-SU-2018:2340-1
-
SUSE-SU-2018:2528-1
-
SUSE-SU-2018:2556-1
-
SUSE-SU-2018:2565-1
-
SUSE-SU-2018:2615-1
-
SUSE-SU-2018:2650-1
-
SUSE-SU-2018:2973-1
-
SUSE-SU-2018:2973-2
-
SUSE-SU-2018:3064-1
-
SUSE-SU-2018:3064-2
-
SUSE-SU-2018:3064-3
-
SUSE-SU-2018:3555-1
-
SUSE-SU-2019:0049-1
-
SUSE-SU-2019:0049-2
-
SUSE-SU-2019:0148-1
-
SUSE-SU-2019:1211-1
-
SUSE-SU-2019:1211-2
-
SUSE-SU-2019:1219-1
-
SUSE-SU-2019:2028-1
-
SUSE-SU-2020:1587-1
-
SUSE-SU-2020:1599-1
-
SUSE-SU-2020:1602-1
-
SUSE-SU-2020:1603-1
-
SUSE-SU-2020:1604-1
-
SUSE-SU-2020:1605-1
-
SUSE-SU-2020:1646-1
-
SUSE-SU-2020:1656-1
-
SUSE-SU-2020:1663-1
-
SUSE-SU-2020:1671-1
-
SUSE-SU-2020:1754-1
-
SUSE-SU-2020:1758-1
-
SUSE-SU-2020:1775-1
-
SUSE-SU-2020:2156-1
-
SUSE-SU-2020:2478-1
-
SUSE-SU-2020:2487-1
-
SUSE-SU-2020:2540-1
-
SUSE-SU-2020:2605-1
-
SUSE-SU-2021:3007-1
-
SUSE-SU-2021:3969-1
-
SUSE-SU-2023:3324-1
-
SUSE-SU-2023:3333-1
-
SUSE-SU-2023:3349-1
-
USN-3641-1
-
USN-3641-2
-
USN-3651-1
-
USN-3652-1
-
USN-3653-1
-
USN-3653-2
-
USN-3654-1
-
USN-3654-2
-
USN-3655-1
-
USN-3655-2
-
USN-3679-1
-
USN-3680-1
-
USN-3754-1
-
USN-3756-1
-
USN-3777-3
-
VU:180049
-
XSA-263
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/kgraft-patch-3_12_74-60_64_93-xen?arch=x86_64&distro=sles-12&sp=1 | suse |
 kgraft-patch-3_12_74-60_64_93-xen
|
< 1-2.5.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/kgraft-patch-3_12_74-60_64_93-default?arch=x86_64&distro=sles-12&sp=1 | suse |
kgraft-patch-3_12_74-60_64_93-default
|
< 1-2.5.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-xen?arch=x86_64&distro=sles-12&sp=1 | suse |
kernel-xen
|
< 3.12.74-60.64.93.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-xen-devel?arch=x86_64&distro=sles-12&sp=1 | suse |
kernel-xen-devel
|
< 3.12.74-60.64.93.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-xen-base?arch=x86_64&distro=sles-12&sp=1 | suse |
kernel-xen-base
|
< 3.12.74-60.64.93.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=1 | suse |
kernel-syms
|
< 3.12.74-60.64.93.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-12&sp=1 | suse |
kernel-syms
|
< 3.12.74-60.64.93.1 | sles-12 | s390x | |
| Affected | pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-12&sp=1 | suse |
kernel-syms
|
< 3.12.74-60.64.93.1 | sles-12 | ppc64le | |
| Affected | pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=1 | suse |
kernel-source
|
< 3.12.74-60.64.93.1 | sles-12 | noarch | |
| Affected | pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=1 | suse |
kernel-macros
|
< 3.12.74-60.64.93.1 | sles-12 | noarch | |
| Affected | pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=1 | suse |
kernel-devel
|
< 3.12.74-60.64.93.1 | sles-12 | noarch | |
| Affected | pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=1 | suse |
kernel-default
|
< 3.12.74-60.64.93.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-12&sp=1 | suse |
kernel-default
|
< 3.12.74-60.64.93.1 | sles-12 | s390x | |
| Affected | pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-12&sp=1 | suse |
kernel-default
|
< 3.12.74-60.64.93.1 | sles-12 | ppc64le | |
| Affected | pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-12&sp=1 | suse |
kernel-default-man
|
< 3.12.74-60.64.93.1 | sles-12 | s390x | |
| Affected | pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=1 | suse |
kernel-default-devel
|
< 3.12.74-60.64.93.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-12&sp=1 | suse |
kernel-default-devel
|
< 3.12.74-60.64.93.1 | sles-12 | s390x | |
| Affected | pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-12&sp=1 | suse |
kernel-default-devel
|
< 3.12.74-60.64.93.1 | sles-12 | ppc64le | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=1 | suse |
kernel-default-base
|
< 3.12.74-60.64.93.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-12&sp=1 | suse |
kernel-default-base
|
< 3.12.74-60.64.93.1 | sles-12 | s390x | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-12&sp=1 | suse |
kernel-default-base
|
< 3.12.74-60.64.93.1 | sles-12 | ppc64le |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |