1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2018:1376-1

[SUSE-SU-2018:1376-1] Security update for the Linux Kernel

Severity Important
Affected Packages 43
CVEs 5
Info Packages References Vulnerabilities

Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature
    in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).

    A new boot commandline option was introduced,
    'spec_store_bypass_disable', which can have following values:

    • auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.
    • on: disable Speculative Store Bypass
    • off: enable Speculative Store Bypass
    • prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork.
    • seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out.

    The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.

    Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:

    • 'Vulnerable'
    • 'Mitigation: Speculative Store Bypass disabled'
    • 'Mitigation: Speculative Store Bypass disabled via prctl'
    • 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'

  • CVE-2018-1000199: An address corruption flaw was discovered while
    modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an
    unprivileged user/process could use this flaw to crash the system kernel
    resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)

  • CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed
    local users to cause a denial of service (use-after-free) or possibly
    have unspecified other impact via crafted system calls (bnc#1091755).

  • CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86.

  • CVE-2017-5753: Spectre v1 mitigations have been improved by the versions
    merged from the upstream kernel.

The following non-security bugs were fixed:

  • Update config files. Set CONFIG_RETPOLINE=y for i386.
  • x86/espfix: Fix return stack in do_double_fault() (bsc#1085279).
  • xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610).
Package Affected Version
pkg:rpm/suse/kernel-xen?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-xen?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-xen-devel?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-xen-devel?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-xen-base?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-xen-base?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-trace?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-trace?arch=s390x&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-trace?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-trace-devel?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-trace-devel?arch=s390x&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-trace-devel?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-trace-base?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-trace-base?arch=s390x&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-trace-base?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-syms?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-source?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-source?arch=s390x&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-source?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-pae?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-pae-devel?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-pae-base?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-ec2?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-ec2?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-ec2-devel?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-ec2-devel?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-ec2-base?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-ec2-base?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default-devel?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-default-base?arch=i586&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-bigsmp?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-bigsmp-devel?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
pkg:rpm/suse/kernel-bigsmp-base?arch=x86_64&distro=sles-11&sp=3 < 3.0.101-0.47.106.29.1
ID
SUSE-SU-2018:1376-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2018/suse-su-20181376-1/
Published
2018-05-22T11:15:06
(6 years ago)
Modified
2018-05-22T11:15:06
(6 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/kernel-xen?arch=x86_64&distro=sles-11&sp=3 suse kernel-xen < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-xen?arch=i586&distro=sles-11&sp=3 suse kernel-xen < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-xen-devel?arch=x86_64&distro=sles-11&sp=3 suse kernel-xen-devel < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-xen-devel?arch=i586&distro=sles-11&sp=3 suse kernel-xen-devel < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-xen-base?arch=x86_64&distro=sles-11&sp=3 suse kernel-xen-base < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-xen-base?arch=i586&distro=sles-11&sp=3 suse kernel-xen-base < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-trace?arch=x86_64&distro=sles-11&sp=3 suse kernel-trace < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-trace?arch=s390x&distro=sles-11&sp=3 suse kernel-trace < 3.0.101-0.47.106.29.1 sles-11 s390x
Affected pkg:rpm/suse/kernel-trace?arch=i586&distro=sles-11&sp=3 suse kernel-trace < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-trace-devel?arch=x86_64&distro=sles-11&sp=3 suse kernel-trace-devel < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-trace-devel?arch=s390x&distro=sles-11&sp=3 suse kernel-trace-devel < 3.0.101-0.47.106.29.1 sles-11 s390x
Affected pkg:rpm/suse/kernel-trace-devel?arch=i586&distro=sles-11&sp=3 suse kernel-trace-devel < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-trace-base?arch=x86_64&distro=sles-11&sp=3 suse kernel-trace-base < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-trace-base?arch=s390x&distro=sles-11&sp=3 suse kernel-trace-base < 3.0.101-0.47.106.29.1 sles-11 s390x
Affected pkg:rpm/suse/kernel-trace-base?arch=i586&distro=sles-11&sp=3 suse kernel-trace-base < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-11&sp=3 suse kernel-syms < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-11&sp=3 suse kernel-syms < 3.0.101-0.47.106.29.1 sles-11 s390x
Affected pkg:rpm/suse/kernel-syms?arch=i586&distro=sles-11&sp=3 suse kernel-syms < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-source?arch=x86_64&distro=sles-11&sp=3 suse kernel-source < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-source?arch=s390x&distro=sles-11&sp=3 suse kernel-source < 3.0.101-0.47.106.29.1 sles-11 s390x
Affected pkg:rpm/suse/kernel-source?arch=i586&distro=sles-11&sp=3 suse kernel-source < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-pae?arch=i586&distro=sles-11&sp=3 suse kernel-pae < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-pae-devel?arch=i586&distro=sles-11&sp=3 suse kernel-pae-devel < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-pae-base?arch=i586&distro=sles-11&sp=3 suse kernel-pae-base < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-ec2?arch=x86_64&distro=sles-11&sp=3 suse kernel-ec2 < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-ec2?arch=i586&distro=sles-11&sp=3 suse kernel-ec2 < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-ec2-devel?arch=x86_64&distro=sles-11&sp=3 suse kernel-ec2-devel < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-ec2-devel?arch=i586&distro=sles-11&sp=3 suse kernel-ec2-devel < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-ec2-base?arch=x86_64&distro=sles-11&sp=3 suse kernel-ec2-base < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-ec2-base?arch=i586&distro=sles-11&sp=3 suse kernel-ec2-base < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-11&sp=3 suse kernel-default < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-11&sp=3 suse kernel-default < 3.0.101-0.47.106.29.1 sles-11 s390x
Affected pkg:rpm/suse/kernel-default?arch=i586&distro=sles-11&sp=3 suse kernel-default < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-11&sp=3 suse kernel-default-man < 3.0.101-0.47.106.29.1 sles-11 s390x
Affected pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-11&sp=3 suse kernel-default-devel < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-11&sp=3 suse kernel-default-devel < 3.0.101-0.47.106.29.1 sles-11 s390x
Affected pkg:rpm/suse/kernel-default-devel?arch=i586&distro=sles-11&sp=3 suse kernel-default-devel < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-11&sp=3 suse kernel-default-base < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-11&sp=3 suse kernel-default-base < 3.0.101-0.47.106.29.1 sles-11 s390x
Affected pkg:rpm/suse/kernel-default-base?arch=i586&distro=sles-11&sp=3 suse kernel-default-base < 3.0.101-0.47.106.29.1 sles-11 i586
Affected pkg:rpm/suse/kernel-bigsmp?arch=x86_64&distro=sles-11&sp=3 suse kernel-bigsmp < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-bigsmp-devel?arch=x86_64&distro=sles-11&sp=3 suse kernel-bigsmp-devel < 3.0.101-0.47.106.29.1 sles-11 x86_64
Affected pkg:rpm/suse/kernel-bigsmp-base?arch=x86_64&distro=sles-11&sp=3 suse kernel-bigsmp-base < 3.0.101-0.47.106.29.1 sles-11 x86_64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date