Bugzilla – Bug 1087084
VUL-0: CVE-2018-3693: Bounds Check Bypass Store
Last modified: 2020-06-08 19:13:15 UTC
CVE was adjusted to CVE-2018-3693 CVSSv3 7.1 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
is public now.
https://01.org/security/advisories/intel-oss-10002

Speculative Execution Branch Prediction Side Channel and Branch Prediction Analysis Method

Intel ID: INTEL-OSS-10002
Product family: Most Modern Operating Systems
Impact of vulnerability: Information Disclosure
Severity rating: Important
Original release: 01/03/2018
Last revised: 07/10/2018
CVE: CVE-2017-5753, CVE-2018-3693

Summary

On January 3, 2018, a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems. On Jul 10, 2018, additional research disclosed related variations of these methods.

Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.

Description

CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
7.1 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVE-2018-3693
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
7.1 High CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected Products

Most modern operating systems are impacted. Intel recommends checking with your Operating System Vendor(s) for updates or patches.

Recommendations

Along with other companies whose platforms are potentially impacted by these new methods, including AMD and ARM, Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop software updates or developer guidance that can help protect systems from these methods. End users and systems administrators should check with their operating system vendors and apply any available updates as soon as practical.

Acknowledgements

Bounds Check Bypass - CVE-2017-5753
Intel would like to thank Jann Horn with Google Project Zero for his original report and for working with the industry on coordinated disclosure. Intel would also like to thank the following researchers for working with us on coordinated disclosure.
Moritz Lipp, Michael Schwarz, Daniel Gruss, Stefan Mangard from Graz University of Technology
Paul Kocher, Daniel Genkin from University of Pennsylvania and University of Maryland, Mike Hamburg from Rambus, Cryptography Research Division and Yuval Yarom from University of Adelaide and Data61.
Thomas Prescher and Werner Haas from Cyberus Technology, Germany

Bounds Check Bypass Store - CVE-2018-3693
Intel would like to thank Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting and for working with the industry on coordinated disclosure.

Project: Intel Open Source Security Incident Response Team
The research paper is linked here: https://people.csail.mit.edu/vlk/spectre11.pdf
*** Bug 1101008 has been marked as a duplicate of this bug. ***
SUSE-SU-2018:2092-1: An update that solves 22 vulnerabilities and has 246 fixes is now available.
Category: security (important)
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-3639,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src): kernel-default-4.12.14-25.3.1
SUSE Linux Enterprise Module for Live Patching 15 (src): kernel-default-4.12.14-25.3.1, kernel-livepatch-SLE15_Update_1-1-1.3.1
SUSE Linux Enterprise Module for Legacy Software 15 (src): kernel-default-4.12.14-25.3.1
SUSE Linux Enterprise Module for Development Tools 15 (src): kernel-docs-4.12.14-25.3.1, kernel-obs-build-4.12.14-25.3.1, kernel-source-4.12.14-25.3.1, kernel-syms-4.12.14-25.3.1, kernel-vanilla-4.12.14-25.3.1
SUSE Linux Enterprise Module for Basesystem 15 (src): kernel-default-4.12.14-25.3.1, kernel-source-4.12.14-25.3.1, kernel-zfcpdump-4.12.14-25.3.1
SUSE Linux Enterprise High Availability 15 (src): kernel-default-4.12.14-25.3.1
openSUSE-SU-2018:2119-1: An update that solves 23 vulnerabilities and has 283 fixes is now available.
Category: security (important)
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-10323,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1108,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385
Sources used:
openSUSE Leap 15.0 (src): kernel-debug-4.12.14-lp150.12.7.1, kernel-default-4.12.14-lp150.12.7.1, kernel-docs-4.12.14-lp150.12.7.1, kernel-kvmsmall-4.12.14-lp150.12.7.1, kernel-obs-build-4.12.14-lp150.12.7.1, kernel-obs-qa-4.12.14-lp150.12.7.1, kernel-source-4.12.14-lp150.12.7.1, kernel-syms-4.12.14-lp150.12.7.1, kernel-vanilla-4.12.14-lp150.12.7.1
SUSE-SU-2018:2150-1: An update that solves 5 vulnerabilities and has 47 fixes is now available.
Category: security (important)
CVE References: CVE-2017-5753,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-9385
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src): kernel-rt-4.4.139-3.17.1, kernel-rt_debug-4.4.139-3.17.1, kernel-source-rt-4.4.139-3.17.1, kernel-syms-rt-4.4.139-3.17.1
The "smatch" tool has matchers for this.

Currently it would report this with a [w], like:

    warn: potential spectre issue 'grp->bb_counters' [w]

In kernel git currently are two commits:

commit 1a5d5e5d51e75a5bca67dadbcea8c841934b7b85
Author: Jeremy Cline <jcline@redhat.com>
Date:   Thu Aug 2 00:03:40 2018 -0400

    ext4: fix spectre gadget in ext4_mb_regular_allocator()

    'ac->ac_g_ex.fe_len' is a user-controlled value which is used in the
    derivation of 'ac->ac_2order'. 'ac->ac_2order', in turn, is used to
    index arrays which makes it a potential spectre gadget. Fix this by
    sanitizing the value assigned to 'ac->ac2_order'. This covers the
    following accesses found with the help of smatch:

    * fs/ext4/mballoc.c:1896 ext4_mb_simple_scan_group() warn: potential
      spectre issue 'grp->bb_counters' [w] (local cap)

    * fs/ext4/mballoc.c:445 mb_find_buddy() warn: potential spectre issue
      'EXT4_SB(e4b->bd_sb)->s_mb_offsets' [r] (local cap)

    * fs/ext4/mballoc.c:446 mb_find_buddy() warn: potential spectre issue
      'EXT4_SB(e4b->bd_sb)->s_mb_maxs' [r] (local cap)

    Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
    Signed-off-by: Jeremy Cline <jcline@redhat.com>
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Cc: stable@vger.kernel.org

commit bc5b6c0b62b932626a135f516a41838c510c6eba
Author: Jeremy Cline <jcline@redhat.com>
Date:   Tue Jul 31 21:13:16 2018 +0000

    netlink: Fix spectre v1 gadget in netlink_create()

    'protocol' is a user-controlled value, so sanitize it after the bounds
    check to avoid using it for speculative out-of-bounds access to arrays
    indexed by it.

    This addresses the following accesses detected with the help of smatch:

    * net/netlink/af_netlink.c:654 __netlink_create() warn: potential spectre
      issue 'nlk_cb_mutex_keys' [w]

    * net/netlink/af_netlink.c:654 __netlink_create() warn: potential spectre
      issue 'nlk_cb_mutex_key_strings' [w]

    * net/netlink/af_netlink.c:685 netlink_create() warn: potential spectre
      issue 'nl_table' [w] (local cap)

    Cc: Josh Poimboeuf <jpoimboe@redhat.com>
    Signed-off-by: Jeremy Cline <jcline@redhat.com>
    Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
patches.kernel.org/4.4.146-114-netlink-Fix-spectre-v1-gadget-in-netlink_crea.patch:Git-commit: bc5b6c0b62b932626a135f516a41838c510c6eba
patches.kernel.org/4.4.152-067-ext4-fix-spectre-gadget-in-ext4_mb_regular_al.patch:Git-commit: 1a5d5e5d51e75a5bca67dadbcea8c841934b7b85
SLE15 has:
patches.suse/netlink-Fix-spectre-v1-gadget-in-netlink_create.patch:Git-commit: bc5b6c0b62b932626a135f516a41838c510c6eba

but not commit 1a5d5e5d51e75a5bca67dadbcea8c841934b7b85 so far
Created attachment 785921 [details]
smatch_warns.txt

smatch output of 20181012 kernel git, default config.

entries like:
net/dcb/dcbnl.c:1748 dcb_doit() warn: potential spectre issue 'reply_funcs' [r] (local cap)
-> are spectre v1

net/ipv4/netfilter/nf_nat_pptp.c:167 pptp_outbound_pkt() warn: potential spectre issue 'pptp_msg_name' [w] (local cap)
-> are bounds check bypass store

grep "potential spectre issue .*[w]" smatch_warns.txt |wc -l
72

alone smatch still finds 72 issues
SUSE-SU-2019:0196-1: An update that solves 10 vulnerabilities and has 136 fixes is now available.
Category: security (important)
CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18397,CVE-2018-19407,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src): kgraft-patch-SLE12-SP4_Update_2-1-6.3.1
SUSE-SU-2019:0196-1: An update that solves 10 vulnerabilities and has 136 fixes is now available.
Category: security (important)
CVE References: CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18397,CVE-2018-19407,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src): kernel-default-4.12.14-95.6.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): kernel-docs-4.12.14-95.6.1, kernel-obs-build-4.12.14-95.6.1
SUSE Linux Enterprise Server 12-SP4 (src): kernel-default-4.12.14-95.6.1, kernel-source-4.12.14-95.6.1, kernel-syms-4.12.14-95.6.1
SUSE Linux Enterprise Live Patching 12-SP4 (src): kgraft-patch-SLE12-SP4_Update_2-1-6.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src): kernel-default-4.12.14-95.6.1
SUSE Linux Enterprise Desktop 12-SP4 (src): kernel-default-4.12.14-95.6.1, kernel-source-4.12.14-95.6.1, kernel-syms-4.12.14-95.6.1
(In reply to Marcus Meissner from comment #22)
> SLE15 has:
> patches.suse/netlink-Fix-spectre-v1-gadget-in-netlink_create.patch:Git-commit: bc5b6c0b62b932626a135f516a41838c510c6eba
>
> but not commit 1a5d5e5d51e75a5bca67dadbcea8c841934b7b85 so far

Now, it is there by:

commit 43aee3ffbbddd587781000b6fee762e01246c9d5
Author: Jan Kara <jack@suse.cz>
Date:   Mon Oct 22 13:51:33 2018 +0200

    ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733).
(In reply to Marcus Meissner from comment #23)
> Created attachment 785921 [details]
> smatch_warns.txt
>
> smatch output of 20181012 kernel git, default config.

FWIW there was a load of spectre v1 fixes in the last few stable kernels. And SLE15 received a few through networking-stable too.

How do you run smatch? C=1 CHECK=smatch?
SUSE-SU-2019:0222-1: An update that solves 13 vulnerabilities and has 258 fixes is now available.
Category: security (important)
CVE References: CVE-2017-5753,CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18397,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src): kernel-azure-4.12.14-6.6.2, kernel-source-azure-4.12.14-6.6.2, kernel-syms-azure-4.12.14-6.6.2
Created attachment 796031 [details]
smatch_warns.txt

What I did:

build smatch from source
check out kernel git master
ran: ~/projects/bs/GIT/smatch/smatch_scripts/test_kernel.sh
(using all-return-config (like pressing return until configure was through))
(run it at the toplevel of the checkout)

it seems the script runs it as make CHECK="smatch -p=kernel --file-output .." C=1

grep "spectre.*\[w" smatch_warns.txt | wc -l
60
grep "spectre.*\[r" smatch_warns.txt | wc -l
108
SUSE-SU-2019:0765-1: An update that solves 13 vulnerabilities and has 215 fixes is now available.
Category: security (important)
CVE References: CVE-2017-5753,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src): kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): kernel-docs-4.12.14-95.13.1, kernel-obs-build-4.12.14-95.13.1
SUSE Linux Enterprise Server 12-SP4 (src): kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
SUSE Linux Enterprise High Availability 12-SP4 (src): kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src): kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:0765-1: An update that solves 13 vulnerabilities and has 215 fixes is now available.
Category: security (important)
CVE References: CVE-2017-5753,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src): kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): kernel-docs-4.12.14-95.13.1, kernel-obs-build-4.12.14-95.13.1
SUSE Linux Enterprise Server 12-SP4 (src): kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
SUSE Linux Enterprise Live Patching 12-SP4 (src): kgraft-patch-SLE12-SP4_Update_3-1-6.7.1
SUSE Linux Enterprise High Availability 12-SP4 (src): kernel-default-4.12.14-95.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src): kernel-default-4.12.14-95.13.1, kernel-source-4.12.14-95.13.1, kernel-syms-4.12.14-95.13.1
*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE will be picking up fixes from upstream on this "bug class issue", but will not actively pursue this problem. As written in the TID, the array index masking methods also used for Spectre variant 1 already cover the large part of this bug class.
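The array index masking this comment refers to, and the "sanitize it after the bounds check" step in the two upstream commit messages quoted earlier in this bug, as an added userspace example that is not code from the kernel or from this bug report. index_mask() uses the same arithmetic as the generic array_index_mask_nospec() in the kernel's include/linux/nospec.h; counters, NGROUPS, clamp_index() and the two store functions are hypothetical names constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define NGROUPS 8 /* constructed table size (hypothetical) */
#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

static unsigned long counters[NGROUPS]; /* hypothetical target of the store */

/*
 * Returns ~0UL when index < size and 0 otherwise, without a branch, so
 * there is nothing for the branch predictor to get wrong. Valid for
 * size <= LONG_MAX; relies on arithmetic right shift of a negative long
 * (what GCC and Clang do, and what the kernel assumes).
 */
static unsigned long index_mask(unsigned long index, unsigned long size)
{
    /*
     * Hide the value from the optimizer (GCC/Clang extension). Without
     * this, a compiler that sees the preceding "index < size" check may
     * fold the mask to ~0UL and silently drop the mitigation.
     */
    __asm__ volatile("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index)) >>
                           (BITS_PER_LONG - 1));
}

/* In-bounds indices pass through unchanged; anything else becomes 0. */
static unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask(index, size);
}

/*
 * Before: architecturally correct, but if the branch is mispredicted the
 * store can execute speculatively with idx >= NGROUPS. This is the shape
 * smatch flags as "potential spectre issue ... [w]".
 */
static int counter_store_checked_only(unsigned long idx, unsigned long val)
{
    if (idx >= NGROUPS)
        return -1;
    counters[idx] = val;
    return 0;
}

/*
 * After: the index is clamped by data dependency after the bounds check,
 * so even a speculative store can only reach counters[0..NGROUPS-1].
 */
static int counter_store_nospec(unsigned long idx, unsigned long val)
{
    if (idx >= NGROUPS)
        return -1;
    idx = clamp_index(idx, NGROUPS);
    counters[idx] = val;
    return 0;
}

int main(void)
{
    /* Constructed probe values around the boundary. */
    unsigned long probes[] = { 0, 7, 8, 9, ULONG_MAX };
    size_t i;

    for (i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("index %lu -> mask %#lx, clamped %lu\n", probes[i],
               index_mask(probes[i], NGROUPS),
               clamp_index(probes[i], NGROUPS));

    printf("checked-only store(3): %d\n", counter_store_checked_only(3, 1));
    printf("nospec store(3): %d\n", counter_store_nospec(3, 42));
    printf("nospec store(8): %d\n", counter_store_nospec(8, 42));
    return 0;
}
```

Both store functions behave identically on the architectural path; the difference only matters while the bounds-check branch is still unresolved.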
let's better mark it "fixed" as we have integrated fixes.