Bug 1195283 – VUL-0: CVE-2022-0001, CVE-2022-0002: gcc: mitigate BHB speculation issues

Bug 1195283 - VUL-0: CVE-2022-0001, CVE-2022-0002: gcc: mitigate BHB speculation issues


Summary:	VUL-0: CVE-2022-0001, CVE-2022-0002: gcc: mitigate BHB speculation issues

Status:	NEW

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Richard Biener
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/312331/
Whiteboard:
Keywords:

Depends on:	CVE-2022-0001
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-01-28 16:07 UTC by Marcus Meissner
Modified:	2022-07-22 08:40 UTC (History)
CC List:	10 users (show)

See Also:	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102952
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Flags:	rguenther: needinfo? (meissner)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 4 Marcus Meissner 2022-02-22 08:02:21 UTC

CRD: 2022-03-08 10:00PT

Comment 9 Marcus Meissner 2022-03-08 18:06:49 UTC

issue is now public

https://www.vusec.net/projects/bhi-spectre-bhb/

https://twitter.com/vu5ec/status/1501256481097883648

Comment 11 Swamp Workflow Management 2022-06-02 19:19:45 UTC

SUSE-RU-2022:1926-1: An update that has 5 recommended fixes and contains one feature can now be installed.

Category: recommended (moderate)
Bug References: 1192951,1193659,1195283,1196861,1197065
CVE References: 
JIRA References: OBS-124
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE OpenStack Cloud Crowbar 8 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE OpenStack Cloud 9 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE OpenStack Cloud 8 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP5 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Module for Toolchain 12 (src):    cross-nvptx-gcc11-11.3.0+git1637-1.10.1, gcc11-11.3.0+git1637-1.10.1, gcc11-testresults-11.3.0+git1637-1.10.1
HPE Helion Openstack 8 (src):    gcc11-11.3.0+git1637-1.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2022-06-08 19:17:36 UTC

SUSE-RU-2022:2019-1: An update that has 5 recommended fixes and contains one feature can now be installed.

Category: recommended (moderate)
Bug References: 1192951,1193659,1195283,1196861,1197065
CVE References: 
JIRA References: OBS-124
Sources used:
openSUSE Leap 15.4 (src):    cross-aarch64-gcc11-11.3.0+git1637-150000.1.9.1, cross-aarch64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-arm-gcc11-11.3.0+git1637-150000.1.9.1, cross-arm-none-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-avr-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-epiphany-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-hppa-gcc11-11.3.0+git1637-150000.1.9.1, cross-m68k-gcc11-11.3.0+git1637-150000.1.9.1, cross-mips-gcc11-11.3.0+git1637-150000.1.9.1, cross-nvptx-gcc11-11.3.0+git1637-150000.1.9.1, cross-ppc64-gcc11-11.3.0+git1637-150000.1.9.1, cross-ppc64le-gcc11-11.3.0+git1637-150000.1.9.1, cross-riscv64-elf-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-riscv64-gcc11-11.3.0+git1637-150000.1.9.1, cross-riscv64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-rx-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-s390x-gcc11-11.3.0+git1637-150000.1.9.1, cross-sparc-gcc11-11.3.0+git1637-150000.1.9.1, cross-sparc64-gcc11-11.3.0+git1637-150000.1.9.1, cross-x86_64-gcc11-11.3.0+git1637-150000.1.9.1, gcc11-11.3.0+git1637-150000.1.9.1, gcc11-testresults-11.3.0+git1637-150000.1.9.1
openSUSE Leap 15.3 (src):    cross-aarch64-gcc11-11.3.0+git1637-150000.1.9.1, cross-aarch64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-arm-gcc11-11.3.0+git1637-150000.1.9.1, cross-arm-none-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-avr-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-epiphany-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-hppa-gcc11-11.3.0+git1637-150000.1.9.1, cross-m68k-gcc11-11.3.0+git1637-150000.1.9.1, cross-mips-gcc11-11.3.0+git1637-150000.1.9.1, cross-nvptx-gcc11-11.3.0+git1637-150000.1.9.1, cross-ppc64-gcc11-11.3.0+git1637-150000.1.9.1, cross-ppc64le-gcc11-11.3.0+git1637-150000.1.9.1, cross-riscv64-elf-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-riscv64-gcc11-11.3.0+git1637-150000.1.9.1, cross-riscv64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-rx-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-s390x-gcc11-11.3.0+git1637-150000.1.9.1, cross-sparc-gcc11-11.3.0+git1637-150000.1.9.1, cross-sparc64-gcc11-11.3.0+git1637-150000.1.9.1, cross-x86_64-gcc11-11.3.0+git1637-150000.1.9.1, gcc11-11.3.0+git1637-150000.1.9.1, gcc11-testresults-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    cross-nvptx-gcc11-11.3.0+git1637-150000.1.9.1, gcc11-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    gcc11-11.3.0+git1637-150000.1.9.1, gcc11-testresults-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    gcc11-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    gcc11-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Micro 5.2 (src):    gcc11-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Micro 5.1 (src):    gcc11-11.3.0+git1637-150000.1.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 OBSbugzilla Bot 2022-07-22 08:40:03 UTC

This is an autogenerated message for OBS integration:
This bug (1195283) was mentioned in
https://build.opensuse.org/request/show/990640 Factory / gcc11