File _patchinfo of Package patchinfo.7437

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.7437

<patchinfo incident="7437">
  <issue id="1087082" tracker="bnc">VUL-0: EMBARGOED: CVE-2018-3639:  V4 – Speculative Store Bypass aka "Memory Disambiguation"</issue>
  <issue id="1087845" tracker="bnc">SKL processor be add in blacklist of microcode broken in SLE12SP3 MU kernel branch</issue>
  <issue id="1089895" tracker="bnc">VUL-0: CVE-2018-1000199: kernel: ptrace() bug leading to DoS or possibly corruption</issue>
  <issue id="1091755" tracker="bnc">VUL-0: CVE-2018-10675: kernel-source: denial of service (use-after-free) in do_get_mempolicy function in mm/mempolicy.c</issue>
  <issue id="1092497" tracker="bnc">L3: ibrs used instead of retpoline on Haswell processor with spectre_v2=retpoline</issue>
  <issue id="1093215" tracker="bnc">prctl(PR_SPEC_STORE_BYPASS) never returns to userspace</issue>
  <issue id="1094019" tracker="bnc">XEN: sles11sp3ltss PV guests can not boot after latest kernel update</issue>
  <issue id="985025" tracker="bnc">Knights Landing A/D leak</issue>
  <issue id="2018-3639" tracker="cve" />
  <issue id="2018-1000199" tracker="cve" />
  <issue id="2018-10675" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>alnovak</packager>
  <reboot_needed/>
  <description>

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes.

The following security bugs were fixed:

- CVE-2018-3639: Information leaks using "Memory Disambiguation" feature
  in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082).

A new boot commandline option was introduced,
  "spec_store_bypass_disable", which can have following values:

- auto: Kernel detects whether your CPU model contains an implementation
    of Speculative Store Bypass and picks the most appropriate mitigation.
  - on: disable Speculative Store Bypass
  - off: enable Speculative Store Bypass
  - prctl: Control Speculative Store Bypass per thread via
    prctl. Speculative Store Bypass is enabled for a process by default. The
    state of the control is inherited on fork.
  - seccomp: Same as "prctl" above, but all seccomp threads will disable
    SSB unless they explicitly opt out.

The default is "seccomp", meaning programs need explicit opt-in into the mitigation.

Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:

- "Vulnerable"
  - "Mitigation: Speculative Store Bypass disabled"
  - "Mitigation: Speculative Store Bypass disabled via prctl"
  - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"

- CVE-2018-1000199: An address corruption flaw was discovered while
  modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an
  unprivileged user/process could use this flaw to crash the system kernel
  resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)
- CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed
  local users to cause a denial of service (use-after-free) or possibly
  have unspecified other impact via crafted system calls (bnc#1091755).

The following non-security bugs were fixed:

- x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK (bsc#1093215).
- x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
- x86/cpu/intel: Introduce macros for Intel family numbers (bsc#985025).
- x86/cpu/intel: Introduce macros for Intel family numbers (bsc985025).
- x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.7437

Places