{"id":"SUSE-SU-2018:1374-1","summary":"Security update for the Linux Kernel","details":"\n\nThe SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature\n  in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).\n\n  A new boot commandline option was introduced,\n  'spec_store_bypass_disable', which can have following values:\n\n  - auto: Kernel detects whether your CPU model contains an implementation\n    of Speculative Store Bypass and picks the most appropriate mitigation.\n  - on: disable Speculative Store Bypass\n  - off: enable Speculative Store Bypass\n  - prctl: Control Speculative Store Bypass per thread via\n    prctl. Speculative Store Bypass is enabled for a process by default. The\n    state of the control is inherited on fork.\n  - seccomp: Same as 'prctl' above, but all seccomp threads will disable\n    SSB unless they explicitly opt out.\n\n  The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.\n\n  Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:\n\n  - 'Vulnerable'\n  - 'Mitigation: Speculative Store Bypass disabled'\n  - 'Mitigation: Speculative Store Bypass disabled via prctl'\n  - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'\n\n- CVE-2018-1000199: An address corruption flaw was discovered while\n  modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an\n  unprivileged user/process could use this flaw to crash the system kernel\n  resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)\n- CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed\n  local users to cause a denial of service (use-after-free) or possibly\n  have unspecified other impact via crafted system calls (bnc#1091755).\n\nThe following non-security bugs were fixed:\n\n- x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK (bsc#1093215).\n- x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).\n- x86/cpu/intel: Introduce macros for Intel family numbers (bsc#985025).\n- x86/cpu/intel: Introduce macros for Intel family numbers (bsc985025).\n- x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845).\n","modified":"2026-02-04T04:40:59.321976Z","published":"2018-05-22T13:21:02Z","related":["CVE-2018-1000199","CVE-2018-10675","CVE-2018-3639"],"upstream":["CVE-2018-1000199","CVE-2018-10675","CVE-2018-3639"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181374-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087082"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087845"},{"type":"REPORT","url":"https://bugzilla.suse.com/1089895"},{"type":"REPORT","url":"https://bugzilla.suse.com/1091755"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092497"},{"type":"REPORT","url":"https://bugzilla.suse.com/1093215"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094019"},{"type":"REPORT","url":"https://bugzilla.suse.com/985025"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000199"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10675"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3639"}],"affected":[{"package":{"name":"kernel-ec2","ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 12","purl":"pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-ec2-devel":"3.12.61-52.133.1","kernel-ec2-extra":"3.12.61-52.133.1","kernel-ec2":"3.12.61-52.133.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1374-1.json"}},{"package":{"name":"kernel-default","ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-xen":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-default":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1","kernel-devel":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1374-1.json"}},{"package":{"name":"kernel-source","ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-xen":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-default":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1","kernel-devel":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1374-1.json"}},{"package":{"name":"kernel-syms","ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-xen":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-default":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1","kernel-devel":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1374-1.json"}},{"package":{"name":"kernel-xen","ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","purl":"pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-xen":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-default":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1","kernel-devel":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1374-1.json"}},{"package":{"name":"kgraft-patch-SLE12_Update_35","ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","purl":"pkg:rpm/suse/kgraft-patch-SLE12_Update_35&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1-1.5.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-xen":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-default":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1","kernel-devel":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1374-1.json"}}],"schema_version":"1.7.3"}