Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:1713-1

Опубликовано: 23 июн. 2020
Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2020-10768: Fixed an issue with the prctl() function which could have allowed indirect branch speculation even after it has been disabled (bsc#1172783).

  • CVE-2020-10767: Fixed an issue where the Indirect Branch Prediction Barrier (IBPB) would have been disabled when STIBP is unavailable or enhanced IBRS is available making the system vulnerable to spectre v2 (bsc#1172782).

  • CVE-2020-10766: Fixed an issue with Linux scheduler which could have allowed an attacker to turn off the SSBD protection (bsc#1172781).

  • xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1172049).

Список пакетов

HPE Helion OpenStack 8
kernel-default-4.4.180-94.124.1
kernel-default-base-4.4.180-94.124.1
kernel-default-devel-4.4.180-94.124.1
kernel-default-kgraft-4.4.180-94.124.1
kernel-devel-4.4.180-94.124.1
kernel-macros-4.4.180-94.124.1
kernel-source-4.4.180-94.124.1
kernel-syms-4.4.180-94.124.1
kgraft-patch-4_4_180-94_124-default-1-4.3.1
SUSE Enterprise Storage 5
kernel-default-4.4.180-94.124.1
kernel-default-base-4.4.180-94.124.1
kernel-default-devel-4.4.180-94.124.1
kernel-default-kgraft-4.4.180-94.124.1
kernel-devel-4.4.180-94.124.1
kernel-macros-4.4.180-94.124.1
kernel-source-4.4.180-94.124.1
kernel-syms-4.4.180-94.124.1
kgraft-patch-4_4_180-94_124-default-1-4.3.1
SUSE Linux Enterprise High Availability Extension 12 SP3
cluster-md-kmp-default-4.4.180-94.124.1
dlm-kmp-default-4.4.180-94.124.1
gfs2-kmp-default-4.4.180-94.124.1
ocfs2-kmp-default-4.4.180-94.124.1
SUSE Linux Enterprise Server 12 SP3-BCL
kernel-default-4.4.180-94.124.1
kernel-default-base-4.4.180-94.124.1
kernel-default-devel-4.4.180-94.124.1
kernel-devel-4.4.180-94.124.1
kernel-macros-4.4.180-94.124.1
kernel-source-4.4.180-94.124.1
kernel-syms-4.4.180-94.124.1
SUSE Linux Enterprise Server 12 SP3-LTSS
kernel-default-4.4.180-94.124.1
kernel-default-base-4.4.180-94.124.1
kernel-default-devel-4.4.180-94.124.1
kernel-default-kgraft-4.4.180-94.124.1
kernel-default-man-4.4.180-94.124.1
kernel-devel-4.4.180-94.124.1
kernel-macros-4.4.180-94.124.1
kernel-source-4.4.180-94.124.1
kernel-syms-4.4.180-94.124.1
kgraft-patch-4_4_180-94_124-default-1-4.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
kernel-default-4.4.180-94.124.1
kernel-default-base-4.4.180-94.124.1
kernel-default-devel-4.4.180-94.124.1
kernel-default-kgraft-4.4.180-94.124.1
kernel-devel-4.4.180-94.124.1
kernel-macros-4.4.180-94.124.1
kernel-source-4.4.180-94.124.1
kernel-syms-4.4.180-94.124.1
kgraft-patch-4_4_180-94_124-default-1-4.3.1
SUSE OpenStack Cloud 8
kernel-default-4.4.180-94.124.1
kernel-default-base-4.4.180-94.124.1
kernel-default-devel-4.4.180-94.124.1
kernel-default-kgraft-4.4.180-94.124.1
kernel-devel-4.4.180-94.124.1
kernel-macros-4.4.180-94.124.1
kernel-source-4.4.180-94.124.1
kernel-syms-4.4.180-94.124.1
kgraft-patch-4_4_180-94_124-default-1-4.3.1
SUSE OpenStack Cloud Crowbar 8
kernel-default-4.4.180-94.124.1
kernel-default-base-4.4.180-94.124.1
kernel-default-devel-4.4.180-94.124.1
kernel-default-kgraft-4.4.180-94.124.1
kernel-devel-4.4.180-94.124.1
kernel-macros-4.4.180-94.124.1
kernel-source-4.4.180-94.124.1
kernel-syms-4.4.180-94.124.1
kgraft-patch-4_4_180-94_124-default-1-4.3.1

Ссылки

Описание

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.

Затронутые продукты
HPE Helion OpenStack 8:kernel-default-4.4.180-94.124.1
HPE Helion OpenStack 8:kernel-default-base-4.4.180-94.124.1
HPE Helion OpenStack 8:kernel-default-devel-4.4.180-94.124.1
HPE Helion OpenStack 8:kernel-default-kgraft-4.4.180-94.124.1
Ссылки

Описание

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.

Затронутые продукты
HPE Helion OpenStack 8:kernel-default-4.4.180-94.124.1
HPE Helion OpenStack 8:kernel-default-base-4.4.180-94.124.1
HPE Helion OpenStack 8:kernel-default-devel-4.4.180-94.124.1
HPE Helion OpenStack 8:kernel-default-kgraft-4.4.180-94.124.1
Ссылки

Описание

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.

Затронутые продукты
HPE Helion OpenStack 8:kernel-default-4.4.180-94.124.1
HPE Helion OpenStack 8:kernel-default-base-4.4.180-94.124.1
HPE Helion OpenStack 8:kernel-default-devel-4.4.180-94.124.1
HPE Helion OpenStack 8:kernel-default-kgraft-4.4.180-94.124.1
Ссылки
Уязвимость SUSE-SU-2020:1713-1