{"affected":[{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-default-man":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"kernel-default","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-default-man":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"kernel-source","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-default-man":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"kernel-syms","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-default-man":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"kgraft-patch-SLE12-SP2_Update_22","purl":"pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_22&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1-3.5.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cluster-md-kmp-default":"4.4.121-92.80.1","cluster-network-kmp-default":"4.4.121-92.80.1","dlm-kmp-default":"4.4.121-92.80.1","gfs2-kmp-default":"4.4.121-92.80.1","ocfs2-kmp-default":"4.4.121-92.80.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 12 SP2","name":"kernel-default","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"kernel-default","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"kernel-source","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"kernel-syms","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"kgraft-patch-SLE12-SP2_Update_22","purl":"pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_22&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1-3.5.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-default-man":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-LTSS","name":"kernel-default","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-default-man":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-LTSS","name":"kernel-source","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-default-man":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-LTSS","name":"kernel-syms","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-default-man":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-LTSS","name":"kgraft-patch-SLE12-SP2_Update_22","purl":"pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_22&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1-3.5.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 4","name":"kernel-default","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%204"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 4","name":"kernel-source","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%204"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 4","name":"kernel-syms","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%204"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.121-92.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"4.4.121-92.80.1","kernel-default-base":"4.4.121-92.80.1","kernel-default-devel":"4.4.121-92.80.1","kernel-devel":"4.4.121-92.80.1","kernel-macros":"4.4.121-92.80.1","kernel-source":"4.4.121-92.80.1","kernel-syms":"4.4.121-92.80.1","kgraft-patch-4_4_121-92_80-default":"1-3.5.2"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 4","name":"kgraft-patch-SLE12-SP2_Update_22","purl":"pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_22&distro=SUSE%20Enterprise%20Storage%204"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1-3.5.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n\nThe SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bug was fixed:\n\n- CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature\n  in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).\n\n  A new boot commandline option was introduced,\n  'spec_store_bypass_disable', which can have following values:\n\n  - auto: Kernel detects whether your CPU model contains an implementation\n    of Speculative Store Bypass and picks the most appropriate mitigation.\n  - on: disable Speculative Store Bypass\n  - off: enable Speculative Store Bypass\n  - prctl: Control Speculative Store Bypass per thread via\n    prctl. Speculative Store Bypass is enabled for a process by default. The\n    state of the control is inherited on fork.\n  - seccomp: Same as 'prctl' above, but all seccomp threads will disable\n    SSB unless they explicitly opt out.\n\n  The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.\n\n  Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:\n\n  - 'Vulnerable'\n  - 'Mitigation: Speculative Store Bypass disabled'\n  - 'Mitigation: Speculative Store Bypass disabled via prctl'\n  - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'\n\nThe following related and non-security bugs were fixed:\n\n- cpuid: Fix cpuid.edx.7.0 propagation to guest\n- ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953).\n- ibmvnic: Clean actual number of RX or TX pools (bsc#1092289).\n- kvm: Introduce nopvspin kernel parameter (bsc#1056427).\n- kvm: Fix nopvspin static branch init usage (bsc#1056427).\n- powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157).\n- powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157).\n- powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157).\n- powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157).\n- powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032).\n- powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157).\n- powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041).\n- powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157).\n","id":"SUSE-SU-2018:1377-1","modified":"2018-05-22T11:48:41Z","published":"2018-05-22T11:48:41Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181377-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056427"},{"type":"REPORT","url":"https://bugzilla.suse.com/1068032"},{"type":"REPORT","url":"https://bugzilla.suse.com/1075087"},{"type":"REPORT","url":"https://bugzilla.suse.com/1080157"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087082"},{"type":"REPORT","url":"https://bugzilla.suse.com/1090953"},{"type":"REPORT","url":"https://bugzilla.suse.com/1091041"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092289"},{"type":"REPORT","url":"https://bugzilla.suse.com/1093215"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094019"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3639"}],"related":["CVE-2018-3639"],"summary":"Security update for the Linux Kernel","upstream":["CVE-2018-3639"]}