Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2018:1368-1
Rating:	important
References:	bsc#1046610 bsc#1052943 bsc#1068032 bsc#1075087 bsc#1075088 bsc#1080157 bsc#1084760 bsc#1087082 bsc#1087092 bsc#1089895 bsc#1090630 bsc#1090888 bsc#1091041 bsc#1091671 bsc#1091755 bsc#1091815 bsc#1092372 bsc#1092497 bsc#1094019
Cross-References:	CVE-2017-5715 CVE-2017-5753 CVE-2018-1000199 CVE-2018-10675 CVE-2018-3639
CVSS scores:	CVE-2017-5715 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2017-5715 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5715 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-1000199 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2018-1000199 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-10675 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-10675 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-10675 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-3639 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2018-3639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-3639 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SLES for SAP Applications 11-SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves five vulnerabilities and has 14 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-3639: Information leaks using "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082).

A new boot commandline option was introduced, "spec_store_bypass_disable", which can have following values:

• auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.
• on: disable Speculative Store Bypass
• off: enable Speculative Store Bypass
• prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork.
• seccomp: Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out.

The default is "seccomp", meaning programs need explicit opt-in into the mitigation.

Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:

• "Vulnerable"
• "Mitigation: Speculative Store Bypass disabled"
• "Mitigation: Speculative Store Bypass disabled via prctl"

• "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"

• CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)

• CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755).
• CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled also for 32bit x86.
• CVE-2017-5753: Spectre v1 mitigations have been improved by the versions merged from the upstream kernel.

The following non-security bugs were fixed:

• Avoid quadratic search when freeing delegations (bsc#1084760).
• cifs: fix crash due to race in hmac(md5) handling (bsc#1091671).
• hid: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bsc#1087092).
• mmc: jz4740: Fix race condition in IRQ mask update (bsc#1090888).
• powerpc/64: Disable gmb() on powerpc
• powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157).
• powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157).
• powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157).
• powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032).
• powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041).
• powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157).
• powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157).
• powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc: Move default security feature flags (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc: Move local setup.h declarations to arch includes (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075088, bsc#1091815).
• powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157).
• series.conf: fix the header It was corrupted back in 2015.
• tracing: Create seq_buf layer in trace_seq (bsc#1091815).
• Update config files. Enable retpolines for i386 build.
• usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1090888).
• usb: hub: fix SS hub-descriptor handling (bsc#1092372).
• x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
• x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1090630)
• x86/xen: disable IBRS around CPU stopper function invocation
• xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610).
• xfs: fix buffer use after free on IO error (bsc#1052943).
• xfs: prevent recursion in xfs_buf_iorequest (bsc#1052943).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 11 SP4
  zypper in -t patch sdksp4-kernel-20180512-13618=1
• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch slessp4-kernel-20180512-13618=1
• SLES for SAP Applications 11-SP4
  zypper in -t patch slessp4-kernel-20180512-13618=1

Package List:

• SUSE Linux Enterprise Software Development Kit 11 SP4 (noarch)
  • kernel-docs-3.0.101-108.48.1
• SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64 nosrc)
  • kernel-default-3.0.101-108.48.1
  • kernel-trace-3.0.101-108.48.1
• SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
  • kernel-default-base-3.0.101-108.48.1
  • kernel-syms-3.0.101-108.48.1
  • kernel-default-devel-3.0.101-108.48.1
  • kernel-source-3.0.101-108.48.1
  • kernel-trace-devel-3.0.101-108.48.1
  • kernel-trace-base-3.0.101-108.48.1
• SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64 i586)
  • kernel-xen-3.0.101-108.48.1
  • kernel-ec2-3.0.101-108.48.1
• SUSE Linux Enterprise Server 11 SP4 (x86_64 i586)
  • kernel-xen-base-3.0.101-108.48.1
  • kernel-ec2-devel-3.0.101-108.48.1
  • kernel-ec2-base-3.0.101-108.48.1
  • kernel-xen-devel-3.0.101-108.48.1
• SUSE Linux Enterprise Server 11 SP4 (nosrc i586)
  • kernel-pae-3.0.101-108.48.1
• SUSE Linux Enterprise Server 11 SP4 (i586)
  • kernel-pae-devel-3.0.101-108.48.1
  • kernel-pae-base-3.0.101-108.48.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64 nosrc)
  • kernel-bigmem-3.0.101-108.48.1
  • kernel-ppc64-3.0.101-108.48.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64)
  • kernel-ppc64-devel-3.0.101-108.48.1
  • kernel-ppc64-base-3.0.101-108.48.1
  • kernel-bigmem-devel-3.0.101-108.48.1
  • kernel-bigmem-base-3.0.101-108.48.1
• SUSE Linux Enterprise Server 11 SP4 (s390x)
  • kernel-default-man-3.0.101-108.48.1
• SLES for SAP Applications 11-SP4 (ppc64 nosrc)
  • kernel-bigmem-3.0.101-108.48.1
  • kernel-ppc64-3.0.101-108.48.1
• SLES for SAP Applications 11-SP4 (ppc64)
  • kernel-ppc64-devel-3.0.101-108.48.1
  • kernel-ppc64-base-3.0.101-108.48.1
  • kernel-bigmem-devel-3.0.101-108.48.1
  • kernel-bigmem-base-3.0.101-108.48.1
• SLES for SAP Applications 11-SP4 (ppc64 nosrc x86_64)
  • kernel-default-3.0.101-108.48.1
  • kernel-trace-3.0.101-108.48.1
• SLES for SAP Applications 11-SP4 (ppc64 x86_64)
  • kernel-default-base-3.0.101-108.48.1
  • kernel-syms-3.0.101-108.48.1
  • kernel-default-devel-3.0.101-108.48.1
  • kernel-source-3.0.101-108.48.1
  • kernel-trace-devel-3.0.101-108.48.1
  • kernel-trace-base-3.0.101-108.48.1
• SLES for SAP Applications 11-SP4 (nosrc x86_64)
  • kernel-xen-3.0.101-108.48.1
  • kernel-ec2-3.0.101-108.48.1
• SLES for SAP Applications 11-SP4 (x86_64)
  • kernel-xen-base-3.0.101-108.48.1
  • kernel-ec2-devel-3.0.101-108.48.1
  • kernel-ec2-base-3.0.101-108.48.1
  • kernel-xen-devel-3.0.101-108.48.1

References:

• https://www.suse.com/security/cve/CVE-2017-5715.html
• https://www.suse.com/security/cve/CVE-2017-5753.html
• https://www.suse.com/security/cve/CVE-2018-1000199.html
• https://www.suse.com/security/cve/CVE-2018-10675.html
• https://www.suse.com/security/cve/CVE-2018-3639.html
• https://bugzilla.suse.com/show_bug.cgi?id=1046610
• https://bugzilla.suse.com/show_bug.cgi?id=1052943
• https://bugzilla.suse.com/show_bug.cgi?id=1068032
• https://bugzilla.suse.com/show_bug.cgi?id=1075087
• https://bugzilla.suse.com/show_bug.cgi?id=1075088
• https://bugzilla.suse.com/show_bug.cgi?id=1080157
• https://bugzilla.suse.com/show_bug.cgi?id=1084760
• https://bugzilla.suse.com/show_bug.cgi?id=1087082
• https://bugzilla.suse.com/show_bug.cgi?id=1087092
• https://bugzilla.suse.com/show_bug.cgi?id=1089895
• https://bugzilla.suse.com/show_bug.cgi?id=1090630
• https://bugzilla.suse.com/show_bug.cgi?id=1090888
• https://bugzilla.suse.com/show_bug.cgi?id=1091041
• https://bugzilla.suse.com/show_bug.cgi?id=1091671
• https://bugzilla.suse.com/show_bug.cgi?id=1091755
• https://bugzilla.suse.com/show_bug.cgi?id=1091815
• https://bugzilla.suse.com/show_bug.cgi?id=1092372
• https://bugzilla.suse.com/show_bug.cgi?id=1092497
• https://bugzilla.suse.com/show_bug.cgi?id=1094019