Security Vulnerability: Register File Data Sampling (RFDS) aka CVE-2023-28746
This document (000021404) is provided subject to the disclaimer at the end of this document.
Environment
Situation
This vulnerability only affects Intel Atom processors (aka XEON E cores).
Resolution
To retrieve the specific patch name, please use:
zypper lp -a --cve=CVE-2023-28746
and then use
zypper in -t patch <name_of_patch>
to apply the patch.
Status
Additional Information
The following options influence the mitigation:
- reg_file_data_sampling=on
If the CPU is vulnerable and fixed microcode is available, enables the mitigation.
- reg_file_data_sampling=off
Disables the mitigation.
This flag is also set by the generic "mitigations" option.
Reporting
A new reporting file was added:
/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling
This file can have following contents:
- Not affected
The CPU is not affected by the problem.
- Vulnerable
The CPU is vulnerable, but no mitigation is enabled.
- Vulnerable: No microcode
The CPU is vulnerable, but the CPU microcode is not updated.
- Mitigation: Clear Register File
The CPU is vulnerable and the CPU buffer clearing mitigation is enabled.
SUSE Security announcement:https://www.suse.com/security/cve/CVE-2023-28746
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021404
- Creation Date: 13-Mar-2024
- Modified Date:14-Mar-2024
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
