{"affected":[{"ecosystem_specific":{"binaries":[{"kernel-ec2":"3.12.61-52.133.1","kernel-ec2-devel":"3.12.61-52.133.1","kernel-ec2-extra":"3.12.61-52.133.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 12","name":"kernel-ec2","purl":"pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-devel":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1","kernel-xen":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-default","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-devel":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1","kernel-xen":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 
12-LTSS","name":"kernel-source","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-devel":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1","kernel-xen":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-syms","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-devel":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1","kernel-xen":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 
12-LTSS","name":"kernel-xen","purl":"pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.133.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.133.1","kernel-default-base":"3.12.61-52.133.1","kernel-default-devel":"3.12.61-52.133.1","kernel-default-man":"3.12.61-52.133.1","kernel-devel":"3.12.61-52.133.1","kernel-macros":"3.12.61-52.133.1","kernel-source":"3.12.61-52.133.1","kernel-syms":"3.12.61-52.133.1","kernel-xen":"3.12.61-52.133.1","kernel-xen-base":"3.12.61-52.133.1","kernel-xen-devel":"3.12.61-52.133.1","kgraft-patch-3_12_61-52_133-default":"1-1.5.1","kgraft-patch-3_12_61-52_133-xen":"1-1.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kgraft-patch-SLE12_Update_35","purl":"pkg:rpm/suse/kgraft-patch-SLE12_Update_35&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1-1.5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n\nThe SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature\n  in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).\n\n  A new boot commandline option was introduced,\n  'spec_store_bypass_disable', which can have the following values:\n\n  - auto: Kernel detects whether your CPU model contains an implementation\n    of Speculative Store Bypass and picks the most appropriate mitigation.\n  - on: disable Speculative Store Bypass\n  - off: enable Speculative Store Bypass\n  - prctl: Control Speculative Store Bypass per thread via\n    prctl. Speculative Store Bypass is enabled for a process by default. 
The\n    state of the control is inherited on fork.\n  - seccomp: Same as 'prctl' above, but all seccomp threads will disable\n    SSB unless they explicitly opt out.\n\n  The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.\n\n  Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:\n\n  - 'Vulnerable'\n  - 'Mitigation: Speculative Store Bypass disabled'\n  - 'Mitigation: Speculative Store Bypass disabled via prctl'\n  - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'\n\n- CVE-2018-1000199: An address corruption flaw was discovered while\n  modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an\n  unprivileged user/process could use this flaw to crash the system kernel\n  resulting in DoS OR to potentially escalate privileges on the system. (bsc#1089895)\n- CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed\n  local users to cause a denial of service (use-after-free) or possibly\n  have unspecified other impact via crafted system calls (bnc#1091755).\n\nThe following non-security bugs were fixed:\n\n- x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK (bsc#1093215).\n- x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).\n- x86/cpu/intel: Introduce macros for Intel family numbers (bsc#985025).\n- x86/cpu/intel: Introduce macros for Intel family numbers (bsc985025).\n- x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist 
(bsc#1087845).\n","id":"SUSE-SU-2018:1374-1","modified":"2018-05-22T13:21:02Z","published":"2018-05-22T13:21:02Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181374-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087082"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087845"},{"type":"REPORT","url":"https://bugzilla.suse.com/1089895"},{"type":"REPORT","url":"https://bugzilla.suse.com/1091755"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092497"},{"type":"REPORT","url":"https://bugzilla.suse.com/1093215"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094019"},{"type":"REPORT","url":"https://bugzilla.suse.com/985025"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000199"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10675"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3639"}],"related":["CVE-2018-1000199","CVE-2018-10675","CVE-2018-3639"],"summary":"Security update for the Linux Kernel","upstream":["CVE-2018-1000199","CVE-2018-10675","CVE-2018-3639"]}