csaf_suse - suse-su-2018:1362-2

suse-su-2018:1362-2

Vulnerability from csaf_suse

Published

2018-10-18 12:45

Modified

2018-10-18 12:45

Summary

Security update for qemu

Notes

Title of the patch

Security update for qemu

Description of the patch

This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. This feature was added: - Add support for block resize support for xen disks through the monitor This non-security issue was fixed: - bsc#1079405: Add new look up path 'sys/class/tpm' for tpm cancel path based on Linux 4.0 change

Patchnames

SUSE-SLE-SERVER-12-SP2-BCL-2018-946

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for qemu",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for qemu fixes several issues.\n\nThis security issue was fixed:\n\n- CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885).\n\n  Systems with microprocessors utilizing speculative execution and speculative\n  execution of memory reads before the addresses of all prior memory writes are\n  known may allow unauthorized disclosure of information to an attacker with\n  local user access via a side-channel analysis.\n\n  This patch permits the new x86 cpu feature flag named \u0027ssbd\u0027 to be\n  presented to the guest, given that the host has this feature, and\n  KVM exposes it to the guest as well.\n\n  For this feature to be enabled please use the qemu commandline\n  -cpu $MODEL,+spec-ctrl,+ssbd\n  so the guest OS can take advantage of the feature.\n\n  spec-ctrl and ssbd support is also required in the host.\n\nThis feature was added:\n\n- Add support for block resize support for xen disks through the monitor\n\nThis non-security issue was fixed:\n\n- bsc#1079405: Add new look up path \u0027sys/class/tpm\u0027 for tpm cancel path based\n  on Linux 4.0 change\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-SP2-BCL-2018-946",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1362-2.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:1362-2",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181362-2/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:1362-2",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004704.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1079405",
        "url": "https://bugzilla.suse.com/1079405"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1092885",
        "url": "https://bugzilla.suse.com/1092885"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3639 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3639/"
      }
    ],
    "title": "Security update for qemu",
    "tracking": {
      "current_release_date": "2018-10-18T12:45:32Z",
      "generator": {
        "date": "2018-10-18T12:45:32Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:1362-2",
      "initial_release_date": "2018-10-18T12:45:32Z",
      "revision_history": [
        {
          "date": "2018-10-18T12:45:32Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-ipxe-1.0.0-41.40.1.noarch",
                "product": {
                  "name": "qemu-ipxe-1.0.0-41.40.1.noarch",
                  "product_id": "qemu-ipxe-1.0.0-41.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-seabios-1.9.1-41.40.1.noarch",
                "product": {
                  "name": "qemu-seabios-1.9.1-41.40.1.noarch",
                  "product_id": "qemu-seabios-1.9.1-41.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-sgabios-8-41.40.1.noarch",
                "product": {
                  "name": "qemu-sgabios-8-41.40.1.noarch",
                  "product_id": "qemu-sgabios-8-41.40.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-vgabios-1.9.1-41.40.1.noarch",
                "product": {
                  "name": "qemu-vgabios-1.9.1-41.40.1.noarch",
                  "product_id": "qemu-vgabios-1.9.1-41.40.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-2.6.2-41.40.1.x86_64",
                "product": {
                  "name": "qemu-2.6.2-41.40.1.x86_64",
                  "product_id": "qemu-2.6.2-41.40.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-curl-2.6.2-41.40.1.x86_64",
                "product": {
                  "name": "qemu-block-curl-2.6.2-41.40.1.x86_64",
                  "product_id": "qemu-block-curl-2.6.2-41.40.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-rbd-2.6.2-41.40.1.x86_64",
                "product": {
                  "name": "qemu-block-rbd-2.6.2-41.40.1.x86_64",
                  "product_id": "qemu-block-rbd-2.6.2-41.40.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-block-ssh-2.6.2-41.40.1.x86_64",
                "product": {
                  "name": "qemu-block-ssh-2.6.2-41.40.1.x86_64",
                  "product_id": "qemu-block-ssh-2.6.2-41.40.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-guest-agent-2.6.2-41.40.1.x86_64",
                "product": {
                  "name": "qemu-guest-agent-2.6.2-41.40.1.x86_64",
                  "product_id": "qemu-guest-agent-2.6.2-41.40.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-2.6.2-41.40.1.x86_64",
                "product": {
                  "name": "qemu-kvm-2.6.2-41.40.1.x86_64",
                  "product_id": "qemu-kvm-2.6.2-41.40.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-lang-2.6.2-41.40.1.x86_64",
                "product": {
                  "name": "qemu-lang-2.6.2-41.40.1.x86_64",
                  "product_id": "qemu-lang-2.6.2-41.40.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-tools-2.6.2-41.40.1.x86_64",
                "product": {
                  "name": "qemu-tools-2.6.2-41.40.1.x86_64",
                  "product_id": "qemu-tools-2.6.2-41.40.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "qemu-x86-2.6.2-41.40.1.x86_64",
                "product": {
                  "name": "qemu-x86-2.6.2-41.40.1.x86_64",
                  "product_id": "qemu-x86-2.6.2-41.40.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-2.6.2-41.40.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.40.1.x86_64"
        },
        "product_reference": "qemu-2.6.2-41.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-curl-2.6.2-41.40.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.40.1.x86_64"
        },
        "product_reference": "qemu-block-curl-2.6.2-41.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-rbd-2.6.2-41.40.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.40.1.x86_64"
        },
        "product_reference": "qemu-block-rbd-2.6.2-41.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-block-ssh-2.6.2-41.40.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.40.1.x86_64"
        },
        "product_reference": "qemu-block-ssh-2.6.2-41.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-guest-agent-2.6.2-41.40.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.40.1.x86_64"
        },
        "product_reference": "qemu-guest-agent-2.6.2-41.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-ipxe-1.0.0-41.40.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.40.1.noarch"
        },
        "product_reference": "qemu-ipxe-1.0.0-41.40.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-2.6.2-41.40.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.40.1.x86_64"
        },
        "product_reference": "qemu-kvm-2.6.2-41.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-lang-2.6.2-41.40.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.40.1.x86_64"
        },
        "product_reference": "qemu-lang-2.6.2-41.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-seabios-1.9.1-41.40.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.40.1.noarch"
        },
        "product_reference": "qemu-seabios-1.9.1-41.40.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-sgabios-8-41.40.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.40.1.noarch"
        },
        "product_reference": "qemu-sgabios-8-41.40.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-tools-2.6.2-41.40.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.40.1.x86_64"
        },
        "product_reference": "qemu-tools-2.6.2-41.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-vgabios-1.9.1-41.40.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.40.1.noarch"
        },
        "product_reference": "qemu-vgabios-1.9.1-41.40.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-x86-2.6.2-41.40.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.40.1.x86_64"
        },
        "product_reference": "qemu-x86-2.6.2-41.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-3639",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3639"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.40.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.40.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.40.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.40.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.40.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.40.1.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.40.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.40.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.40.1.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.40.1.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.40.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.40.1.noarch",
          "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.40.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3639",
          "url": "https://www.suse.com/security/cve/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085235 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1085235"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085308 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1085308"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087078 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1087078"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1092631 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1092631"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1092885 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1092885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1094912 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1094912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1098813 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1098813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100394 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1100394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102640 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1102640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105412 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1105412"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111963 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1111963"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172781 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1172781"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172782 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1172782"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172783 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1172783"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173489 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1173489"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1201877"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2018-3639",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.40.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.40.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.40.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.40.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.40.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-curl-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-rbd-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-block-ssh-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-guest-agent-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-ipxe-1.0.0-41.40.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-kvm-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-lang-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-seabios-1.9.1-41.40.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-sgabios-8-41.40.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-tools-2.6.2-41.40.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-vgabios-1.9.1-41.40.1.noarch",
            "SUSE Linux Enterprise Server 12 SP2-BCL:qemu-x86-2.6.2-41.40.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:45:32Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-3639"
    }
  ]
}

CVE-2018-3639 (GCVE-0-2018-3639)

Vulnerability from cvelistv5

Published

2018-05-22 12:00

Modified

2024-09-16 22:55

Severity ?

CWE

Information Disclosure

Summary

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:1689	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2162	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1641	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3680-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1997	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1665	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3407	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2164	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2001	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3423	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2003	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3654-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1645	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1643	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1652	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3424	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3402	vendor-advisory, x_refsource_REDHAT
	https://www.us-cert.gov/ncas/alerts/TA18-141A	third-party-advisory, x_refsource_CERT
	https://access.redhat.com/errata/RHSA-2018:1656	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1664	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2258	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1688	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1658	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1657	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2289	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1666	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1042004	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:1675	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1660	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1965	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1661	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1633	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1636	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1854	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2006	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2250	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1040949	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:3401	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1737	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1826	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3651-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4210	vendor-advisory, x_refsource_DEBIAN
	https://www.exploit-db.com/exploits/44695/	exploit, x_refsource_EXPLOIT-DB
	https://access.redhat.com/errata/RHSA-2018:1651	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1638	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1696	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2246	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1644	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1646	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:1639	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1668	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1637	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://www.kb.cert.org/vuls/id/180049	third-party-advisory, x_refsource_CERT-VN
	https://access.redhat.com/errata/RHSA-2018:1686	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2172	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1663	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3652-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1629	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1655	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1640	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1669	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1676	vendor-advisory, x_refsource_REDHAT
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://access.redhat.com/errata/RHSA-2018:3425	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2363	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1632	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1650	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2396	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2364	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3653-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2216	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3655-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1649	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2309	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/104232	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:1653	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2171	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1635	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2394	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1710	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1659	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1711	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4273	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:1738	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1674	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3396	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1667	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3654-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1662	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1630	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1647	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1967	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3655-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3399	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2060	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1690	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3653-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2161	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2328	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1648	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2387	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:0148	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1654	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3679-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3777-3/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1642	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3397	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3756-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3398	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3400	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2228	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:1046	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html	vendor-advisory, x_refsource_SUSE
	https://seclists.org/bugtraq/2019/Jun/36	mailing-list, x_refsource_BUGTRAQ
	http://www.openwall.com/lists/oss-security/2020/06/10/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/06/10/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/06/10/5	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-22133	x_refsource_CONFIRM
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012	x_refsource_CONFIRM
	https://support.citrix.com/article/CTX235225	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_23	x_refsource_CONFIRM
	https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	x_refsource_CONFIRM
	http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html	x_refsource_CONFIRM
	http://xenbits.xen.org/xsa/advisory-263.html	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf	x_refsource_CONFIRM
	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us	x_refsource_CONFIRM
	https://bugs.chromium.org/p/project-zero/issues/detail?id=1528	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20180521-0001/	x_refsource_CONFIRM
	https://nvidia.custhelp.com/app/answers/detail/a_id/4787	x_refsource_CONFIRM
	https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	Intel Corporation	Multiple	Version: Multiple

Show details on NVD website