| Description: | Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:0010-1 advisory.
Vulnerability Insight:
The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.
This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032).
- CVE-2017-5753 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring
deep instruction pipelining could use attacker controllable speculative
execution over code patterns in the Linux Kernel to leak content from
otherwise not readable memory in the same address space, allowing
retrieval of passwords, cryptographic keys and other secrets.
This problem is mitigated by adding speculative fencing on affected
code paths throughout the Linux kernel.
- CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring
branch prediction could use mispredicted branches to speculatively execute
code patterns that in turn could be made to leak other non-readable
content in the same address space, an attack similar to CVE-2017-5753.
This problem is mitigated by disabling predictive branches, depending
on CPU architecture either by firmware updates and/or fixes in the
user-kernel privilege boundaries.
Please also check with your CPU / Hardware vendor for available
firmware or BIOS updates.
As this feature can have a performance impact, it can be disabled
using the 'nospec' kernel commandline option.
- CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with
modern CPUs featuring deep instruction pipelining could use code
patterns in userspace to speculative executive code that would read
otherwise read protected memory.
This problem is mitigated by unmapping the Linux Kernel from the user
address space during user code execution, following a approach called
'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation'
and 'PTI' / 'Page Table Isolation'.
This is only enabled by default on affected architectures.
This feature can be enabled / disabled by the 'pti=[onoffauto]' or 'nopti' commandline options.
The following security bugs were fixed:
- CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux
kernel did not validate that the underlying cryptographic hash algorithm
is unkeyed, allowing a local attacker able to use the AF_ALG-based hash
interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm
(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing
a crafted sequence of system calls that encounter a missing SHA-3
initialization (bnc#1073874).
- CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did
not correctly handle zero-length inputs, allowing a local attacker able to
use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER)
to cause a denial of service (uninitialized-memory free and kernel
crash) or have unspecified other impact by ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Desktop 12-SP3, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server for SAP Applications 12-SP3.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
