Bug 1087084 - (CVE-2018-3693) VUL-0: CVE-2018-3693: Bounds Check Bypass Store
Status: RESOLVED FIXED
Duplicates: 1101008
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
P3 - Medium : Normal
Assigned To: Jiri Slaby
Security Team bot
https://smash.suse.de/issue/202790/
CVSSv3:SUSE:CVE-2018-3690:7.1:(AV:L/A...
Blocks: 1087078
Reported: 2018-03-27 13:23 UTC by Marcus Meissner
Modified: 2020-06-08 19:13 UTC (History)
Attachments
smatch_warns.txt (353.29 KB, text/plain)
2018-10-13 14:02 UTC, Marcus Meissner
smatch_warns.txt (323.97 KB, text/plain)
2019-02-05 16:05 UTC, Marcus Meissner

Comment 12 Marcus Meissner 2018-07-07 07:04:42 UTC
CVE was adjusted to CVE-2018-3693


CVSSv3 7.1 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Comment 13 Marcus Meissner 2018-07-10 19:44:12 UTC
is public now.
Comment 14 Marcus Meissner 2018-07-10 19:46:00 UTC
https://01.org/security/advisories/intel-oss-10002

Speculative Execution Branch Prediction Side Channel and Branch Prediction Analysis Method
Intel ID: 	INTEL-OSS-10002
Product family: 	Most Modern Operating Systems
Impact of vulnerability: 	Information Disclosure
Severity rating: 	Important
Original release: 	01/03/2018
Last revised: 	07/10/2018
CVE: 	CVE-2017-5753, CVE-2018-3693
Summary

On January 3, 2018, a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems.

On Jul 10, 2018, additional research disclosed related variations of these methods.

Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.
Description
CVE-2017-5753

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
    7.1 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVE-2018-3693

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
    7.1 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected Products

Most modern operating systems are impacted. Intel recommends checking with your Operating System Vendor(s) for updates or patches.
Recommendations

Along with other companies whose platforms are potentially impacted by these new methods, including AMD and ARM, Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop software updates or developer guidance that can help protect systems from these methods. End users and systems administrators should check with their operating system vendors and apply any available updates as soon as practical.
Acknowledgements
Bounds Check Bypass - CVE-2017-5753

    Intel would like to thank Jann Horn with Google Project Zero for his original report and for working with the industry on coordinated disclosure.
    Intel would also like to thank the following researchers for working with us on coordinated disclosure.
        Moritz Lipp, Michael Schwarz, Daniel Gruss, Stefan Mangard from Graz University of Technology
        Paul Kocher, Daniel Genkin from University of Pennsylvania and University of Maryland, Mike Hamburg from Rambus, Cryptography Research Division and Yuval Yarom from University of Adelaide and Data61.
        Thomas Prescher and Werner Haas from Cyberus Technology, Germany

Bounds Check Bypass Store - CVE-2018-3693

    Intel would like to thank Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting and for working with the industry on coordinated disclosure.

 
Project: 
Intel Open Source Security Incident Response Team
Comment 15 Marcus Meissner 2018-07-11 06:27:53 UTC
The research paper is linked here:

https://people.csail.mit.edu/vlk/spectre11.pdf
Comment 16 Andreas Stieger 2018-07-12 11:26:37 UTC
*** Bug 1101008 has been marked as a duplicate of this bug. ***
Comment 17 Swamp Workflow Management 2018-07-27 18:09:18 UTC
SUSE-SU-2018:2092-1: An update that solves 22 vulnerabilities and has 246 fixes is now available.

Category: security (important)
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-3639,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-25.3.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-25.3.1, kernel-livepatch-SLE15_Update_1-1-1.3.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-25.3.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-25.3.1, kernel-obs-build-4.12.14-25.3.1, kernel-source-4.12.14-25.3.1, kernel-syms-4.12.14-25.3.1, kernel-vanilla-4.12.14-25.3.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-25.3.1, kernel-source-4.12.14-25.3.1, kernel-zfcpdump-4.12.14-25.3.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-25.3.1
Comment 18 Swamp Workflow Management 2018-07-28 13:34:40 UTC
openSUSE-SU-2018:2119-1: An update that solves 23 vulnerabilities and has 283 fixes is now available.

Category: security (important)
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-10323,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1108,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.7.1, kernel-default-4.12.14-lp150.12.7.1, kernel-docs-4.12.14-lp150.12.7.1, kernel-kvmsmall-4.12.14-lp150.12.7.1, kernel-obs-build-4.12.14-lp150.12.7.1, kernel-obs-qa-4.12.14-lp150.12.7.1, kernel-source-4.12.14-lp150.12.7.1, kernel-syms-4.12.14-lp150.12.7.1, kernel-vanilla-4.12.14-lp150.12.7.1
Comment 19 Swamp Workflow Management 2018-07-31 16:12:19 UTC
SUSE-SU-2018:2150-1: An update that solves 5 vulnerabilities and has 47 fixes is now available.

Category: security (important)
CVE References: CVE-2017-5753,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-9385
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.139-3.17.1, kernel-rt_debug-4.4.139-3.17.1, kernel-source-rt-4.4.139-3.17.1, kernel-syms-rt-4.4.139-3.17.1
Comment 20 Marcus Meissner 2018-10-12 14:36:05 UTC
The "smatch" tool has matchers for this.

Currently it would report this with a [w], like:

warn: potential spectre issue 'grp->bb_counters' [w] 

In kernel git currently are two commits:

commit 1a5d5e5d51e75a5bca67dadbcea8c841934b7b85
Author: Jeremy Cline <jcline@redhat.com>
Date:   Thu Aug 2 00:03:40 2018 -0400

    ext4: fix spectre gadget in ext4_mb_regular_allocator()
    
    'ac->ac_g_ex.fe_len' is a user-controlled value which is used in the
    derivation of 'ac->ac_2order'. 'ac->ac_2order', in turn, is used to
    index arrays which makes it a potential spectre gadget. Fix this by
    sanitizing the value assigned to 'ac->ac2_order'.  This covers the
    following accesses found with the help of smatch:
    
    * fs/ext4/mballoc.c:1896 ext4_mb_simple_scan_group() warn: potential
      spectre issue 'grp->bb_counters' [w] (local cap)
    
    * fs/ext4/mballoc.c:445 mb_find_buddy() warn: potential spectre issue
      'EXT4_SB(e4b->bd_sb)->s_mb_offsets' [r] (local cap)
    
    * fs/ext4/mballoc.c:446 mb_find_buddy() warn: potential spectre issue
      'EXT4_SB(e4b->bd_sb)->s_mb_maxs' [r] (local cap)
    
    Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
    Signed-off-by: Jeremy Cline <jcline@redhat.com>
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Cc: stable@vger.kernel.org


commit bc5b6c0b62b932626a135f516a41838c510c6eba
Author: Jeremy Cline <jcline@redhat.com>
Date:   Tue Jul 31 21:13:16 2018 +0000

    netlink: Fix spectre v1 gadget in netlink_create()
    
    'protocol' is a user-controlled value, so sanitize it after the bounds
    check to avoid using it for speculative out-of-bounds access to arrays
    indexed by it.
    
    This addresses the following accesses detected with the help of smatch:
    
    * net/netlink/af_netlink.c:654 __netlink_create() warn: potential
      spectre issue 'nlk_cb_mutex_keys' [w]
    
    * net/netlink/af_netlink.c:654 __netlink_create() warn: potential
      spectre issue 'nlk_cb_mutex_key_strings' [w]
    
    * net/netlink/af_netlink.c:685 netlink_create() warn: potential spectre
      issue 'nl_table' [w] (local cap)
    
    Cc: Josh Poimboeuf <jpoimboe@redhat.com>
    Signed-off-by: Jeremy Cline <jcline@redhat.com>
    Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
Comment 21 Marcus Meissner 2018-10-12 14:36:52 UTC
patches.kernel.org/4.4.146-114-netlink-Fix-spectre-v1-gadget-in-netlink_crea.patch:Git-commit: bc5b6c0b62b932626a135f516a41838c510c6eba

patches.kernel.org/4.4.152-067-ext4-fix-spectre-gadget-in-ext4_mb_regular_al.patch:Git-commit: 1a5d5e5d51e75a5bca67dadbcea8c841934b7b85
Comment 22 Marcus Meissner 2018-10-12 14:37:40 UTC
SLE15 has:
patches.suse/netlink-Fix-spectre-v1-gadget-in-netlink_create.patch:Git-commit: bc5b6c0b62b932626a135f516a41838c510c6eba

but not commit 1a5d5e5d51e75a5bca67dadbcea8c841934b7b85 so far
Comment 23 Marcus Meissner 2018-10-13 14:02:38 UTC
Created attachment 785921 [details]
smatch_warns.txt

smatch output of 20181012 kernel git, default config.

entries like:

net/dcb/dcbnl.c:1748 dcb_doit() warn: potential spectre issue 'reply_funcs' [r] (local cap)
   -> are spectre v1

net/ipv4/netfilter/nf_nat_pptp.c:167 pptp_outbound_pkt() warn: potential spectre issue 'pptp_msg_name' [w] (local cap)

   -> are bounds check bypass store


 grep "potential spectre issue .*[w]" smatch_warns.txt |wc -l 
72


alone smatch still finds 72 issues
Comment 24 Swamp Workflow Management 2019-01-29 17:13:32 UTC
SUSE-SU-2019:0196-1: An update that solves 10 vulnerabilities and has 136 fixes is now available.

Category: security (important)
CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18397,CVE-2018-19407,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_2-1-6.3.1
Comment 25 Swamp Workflow Management 2019-01-29 17:50:40 UTC
SUSE-SU-2019:0196-1: An update that solves 10 vulnerabilities and has 136 fixes is now available.

Category: security (important)
CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18397,CVE-2018-19407,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.6.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.6.1, kernel-obs-build-4.12.14-95.6.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.6.1, kernel-source-4.12.14-95.6.1, kernel-syms-4.12.14-95.6.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_2-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.6.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.6.1, kernel-source-4.12.14-95.6.1, kernel-syms-4.12.14-95.6.1
Comment 26 Jiri Slaby 2019-01-30 07:57:36 UTC
(In reply to Marcus Meissner from comment #22)
> SLE15 has:
> patches.suse/netlink-Fix-spectre-v1-gadget-in-netlink_create.patch:Git-commit: bc5b6c0b62b932626a135f516a41838c510c6eba
> 
> but not commit 1a5d5e5d51e75a5bca67dadbcea8c841934b7b85 so far

Now, it is there by:
commit 43aee3ffbbddd587781000b6fee762e01246c9d5
Author: Jan Kara <jack@suse.cz>
Date:   Mon Oct 22 13:51:33 2018 +0200

    ext4: fix spectre gadget in ext4_mb_regular_allocator()
    (bsc#1112733).
Comment 27 Jiri Slaby 2019-01-30 08:03:34 UTC
(In reply to Marcus Meissner from comment #23)
> Created attachment 785921 [details]
> smatch_warns.txt
> 
> smatch output of 20181012 kernel git, default config.

FWIW there was a load of spectre v1 fixes in the last few stable kernels. And SLE15 received a few through networking-stable too.

How do you run smatch? C=1 CHECK=smatch?
Comment 28 Swamp Workflow Management 2019-02-01 20:22:06 UTC
SUSE-SU-2019:0222-1: An update that solves 13 vulnerabilities and has 258 fixes is now available.

Category: security (important)
CVE References: CVE-2017-5753,CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18397,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.6.2, kernel-source-azure-4.12.14-6.6.2, kernel-syms-azure-4.12.14-6.6.2
Comment 29 Marcus Meissner 2019-02-05 16:05:53 UTC
Created attachment 796031 [details]
smatch_warns.txt

What I did:

build smatch from source
check out kernel git master
ran:

~/projects/bs/GIT/smatch/smatch_scripts/test_kernel.sh

(using all-return-config (like pressing return until configure was through))
Comment 30 Marcus Meissner 2019-02-05 16:08:40 UTC
(run it at the toplevel of the checkout)

it seems the script runs it as make CHECK="smatch -p=kernel --file-output .." C=1

grep "spectre.*\[w" smatch_warns.txt | wc -l
60
grep "spectre.*\[r" smatch_warns.txt | wc -l
108
Comment 33 Swamp Workflow Management 2019-03-26 20:17:32 UTC
SUSE-SU-2019:0765-1: An update that solves 13 vulnerabilities and has 215 fixes is now available.

Category: security (important)
CVE References: CVE-2017-5753,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.13.1, kernel-obs-build-4.12.14-95.13.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 34 Swamp Workflow Management 2019-03-26 20:51:52 UTC
SUSE-SU-2019:0765-1: An update that solves 13 vulnerabilities and has 215 fixes is now available.

Category: security (important)
CVE References: CVE-2017-5753,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.13.1, kernel-obs-build-4.12.14-95.13.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_3-1-6.7.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 44 Marcus Meissner 2019-09-10 14:49:06 UTC
SUSE will be picking up fixes from upstream on this "bug class issue", but will not actively pursue this problem.

As written in the TID, the array index masking methods also used for Spectre variant 1 already cover the large part of this bug class.
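
The array index masking mentioned above, applied to a store, as an added example that is not part of this bug report and is not SUSE or kernel code: a user-space re-implementation modelled on the kernel's generic array_index_mask_nospec(). The names index_mask_nospec, sanitize_index, struct group and bump_counter are hypothetical, and the mask arithmetic assumes size <= LONG_MAX.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define NR_COUNTERS 8UL
#define ULONG_BITS  (sizeof(unsigned long) * CHAR_BIT)

/* Hypothetical structure: an array written through an index that is
 * derived from untrusted input (the [w] case in the smatch output). */
struct group {
    unsigned long counters[NR_COUNTERS];
};

/*
 * Returns ~0UL when index < size and 0UL otherwise, without a branch.
 * (index | (size - 1 - index)) has its top bit set exactly when index is
 * out of bounds, so the inverted top bit is 1 only for in-bounds values.
 * Because no conditional jump is involved, the result cannot be
 * mispredicted the way the preceding bounds check can.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    unsigned long in_bounds = ~(index | (size - 1UL - index)) >> (ULONG_BITS - 1);
    unsigned long mask = 0UL - in_bounds;   /* 1 -> all ones, 0 -> zero */
#if defined(__GNUC__)
    /* Hide the value from the optimizer so it is not turned back into a branch. */
    __asm__ volatile("" : "+r"(mask));
#endif
    return mask;
}

/* Clamp an index to [0, size): out-of-bounds values collapse to 0. */
static unsigned long sanitize_index(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Store through an untrusted index: bounds check, then sanitize, then write. */
static int bump_counter(struct group *grp, unsigned long order)
{
    if (order >= NR_COUNTERS)
        return -1;
    /*
     * Architecturally this is a no-op because the check above passed.
     * If the CPU speculates past the check with an out-of-bounds value,
     * the data-dependent mask forces the store to land on counters[0]
     * instead of on memory outside the array.
     */
    order = sanitize_index(order, NR_COUNTERS);
    grp->counters[order]++;
    return 0;
}

int main(void)
{
    struct group grp = { { 0 } };
    unsigned long samples[] = { 0, 7, 8, 100, ULONG_MAX };  /* constructed inputs */
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("index %lu -> sanitized %lu, store result %d\n",
               samples[i], sanitize_index(samples[i], NR_COUNTERS),
               bump_counter(&grp, samples[i]));
    return 0;
}
```
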
Comment 45 Marcus Meissner 2019-09-10 14:52:34 UTC
Let's better mark it "fixed" as we have integrated fixes.