Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1420-1 Final 1 1 2018-05-25T05:44:42Z current 2018-05-25T05:44:42Z 2018-05-25T05:44:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082). A new boot commandline option was introduced, "spec_store_bypass_disable", which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is "seccomp", meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - "Vulnerable" - "Mitigation: Speculative Store Bypass disabled" - "Mitigation: Speculative Store Bypass disabled via prctl" - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" The following non-security bugs were fixed: - allow_unsupported: add module tainting on feature use (FATE#323394). - powerpc/64/kexec: fix race in kexec when XIVE is shutdown (bsc#1088273). - reiserfs: mark read-write mode unsupported (FATE#323394). - reiserfs: package in separate KMP (FATE#323394). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00101.html E-Mail link for openSUSE-SU-2018:1420-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 kernel-debug-4.12.14-lp150.12.4.1 kernel-debug-base-4.12.14-lp150.12.4.1 kernel-debug-devel-4.12.14-lp150.12.4.1 kernel-default-4.12.14-lp150.12.4.1 kernel-default-base-4.12.14-lp150.12.4.1 kernel-default-devel-4.12.14-lp150.12.4.1 kernel-devel-4.12.14-lp150.12.4.1 kernel-docs-4.12.14-lp150.12.4.1 kernel-docs-html-4.12.14-lp150.12.4.1 kernel-kvmsmall-4.12.14-lp150.12.4.1 kernel-kvmsmall-base-4.12.14-lp150.12.4.1 kernel-kvmsmall-devel-4.12.14-lp150.12.4.1 kernel-macros-4.12.14-lp150.12.4.1 kernel-obs-build-4.12.14-lp150.12.4.1 kernel-obs-qa-4.12.14-lp150.12.4.1 kernel-source-4.12.14-lp150.12.4.1 kernel-source-vanilla-4.12.14-lp150.12.4.1 kernel-syms-4.12.14-lp150.12.4.1 kernel-debug-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-debug-base-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-debug-devel-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-default-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-default-base-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-default-devel-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-devel-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-docs-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-docs-html-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-kvmsmall-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-kvmsmall-base-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-kvmsmall-devel-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-macros-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-obs-build-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-obs-qa-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-source-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-source-vanilla-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 kernel-syms-4.12.14-lp150.12.4.1 as a component of openSUSE Leap 15.0 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVE-2018-3639 openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.4.1 openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.4.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00101.html https://www.suse.com/security/cve/CVE-2018-3639.html CVE-2018-3639 https://bugzilla.suse.com/0 SUSE Bug 0 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1085235 SUSE Bug 1085235 https://bugzilla.suse.com/1085308 SUSE Bug 1085308 https://bugzilla.suse.com/1087078 SUSE Bug 1087078 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1094912 SUSE Bug 1094912 https://bugzilla.suse.com/1100394 SUSE Bug 1100394 https://bugzilla.suse.com/1102640 SUSE Bug 1102640 https://bugzilla.suse.com/1105412 SUSE Bug 1105412 https://bugzilla.suse.com/1113769 SUSE Bug 1113769