suse-su-2018:2331-1
Vulnerability from csaf_suse
Published
2018-08-15 11:50
Modified
2018-08-15 11:50
Summary
Security update to ucode-intel
Notes
Title of the patch
Security update to ucode-intel
Description of the patch
ucode-intel was updated to the 20180807 release.
For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is
part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646
(L1 Terminal fault).
(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx
NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx
BXT C0 6-5c-2/01 00000014 Atom T5500/5700
APL E0 6-5c-a/03 0000000c Atom x5-E39xx
DVN B0 6-5f-1/01 00000024 Atom C3xxx
---- updated platforms ------------------------------------
NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx
NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx
WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406
WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx
SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3
WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7
IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile
HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile
HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron
HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX
BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4
SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile
BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87
APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5
Patchnames
SUSE-OpenStack-Cloud-7-2018-1573,SUSE-SLE-DESKTOP-12-SP3-2018-1573,SUSE-SLE-SAP-12-SP1-2018-1573,SUSE-SLE-SAP-12-SP2-2018-1573,SUSE-SLE-SERVER-12-2018-1573,SUSE-SLE-SERVER-12-SP1-2018-1573,SUSE-SLE-SERVER-12-SP2-2018-1573,SUSE-SLE-SERVER-12-SP3-2018-1573,SUSE-Storage-4-2018-1573
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update to ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nucode-intel was updated to the 20180807 release.\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is\npart of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646\n(L1 Terminal fault).\n(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)\n\n Processor Identifier Version Products\n\n Model Stepping F-MO-S/PI Old-\u003eNew\n\n ---- new platforms ----------------------------------------\n WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx\n NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx\n BXT C0 6-5c-2/01 00000014 Atom T5500/5700\n APL E0 6-5c-a/03 0000000c Atom x5-E39xx\n DVN B0 6-5f-1/01 00000024 Atom C3xxx\n ---- updated platforms ------------------------------------\n NHM-EP/WS D0 6-1a-5/03 00000019-\u003e0000001d Xeon E/L/X/W55xx\n NHM B1 6-1e-5/13 00000007-\u003e0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx\n WSM B1 6-25-2/12 0000000e-\u003e00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406\n WSM K0 6-25-5/92 00000004-\u003e00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx\n SNB D2 6-2a-7/12 0000002d-\u003e0000002e Core Gen2; Xeon E3\n WSM-EX A2 6-2f-2/05 00000037-\u003e0000003b Xeon E7\n IVB E2 6-3a-9/12 0000001f-\u003e00000020 Core Gen3 Mobile\n HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024-\u003e00000025 Core Gen4 Desktop; Xeon E3 v3\n BDW-U/Y E/F 6-3d-4/c0 0000002a-\u003e0000002b Core Gen5 Mobile\n HSW-ULT Cx/Dx 6-45-1/72 00000023-\u003e00000024 Core Gen4 Mobile and derived Pentium/Celeron\n HSW-H Cx 6-46-1/32 00000019-\u003e0000001a Core Extreme i7-5xxxX\n BDW-H/E3 E/G 6-47-1/22 0000001d-\u003e0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4\n SKL-U/Y D0 6-4e-3/c0 000000c2-\u003e000000c6 Core Gen6 Mobile\n BDX-DE V1 6-56-2/10 00000015-\u003e00000017 Xeon D-1520/40\n BDX-DE V2/3 6-56-3/10 07000012-\u003e07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n BDX-DE Y0 6-56-4/10 0f000011-\u003e0f000012 Xeon D-1557/59/67/71/77/81/87\n APL D0 6-5c-9/03 0000002c-\u003e00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n SKL-H/S/E3 R0 6-5e-3/36 000000c2-\u003e000000c6 Core Gen6; Xeon E3 v5\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-1573,SUSE-SLE-DESKTOP-12-SP3-2018-1573,SUSE-SLE-SAP-12-SP1-2018-1573,SUSE-SLE-SAP-12-SP2-2018-1573,SUSE-SLE-SERVER-12-2018-1573,SUSE-SLE-SERVER-12-SP1-2018-1573,SUSE-SLE-SERVER-12-SP2-2018-1573,SUSE-SLE-SERVER-12-SP3-2018-1573,SUSE-Storage-4-2018-1573",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2331-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2331-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182331-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2331-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004416.html"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087083",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "self",
"summary": "SUSE Bug 1089343",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "self",
"summary": "SUSE Bug 1104134",
"url": "https://bugzilla.suse.com/1104134"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3639 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3646 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3646/"
}
],
"title": "Security update to ucode-intel",
"tracking": {
"current_release_date": "2018-08-15T11:50:29Z",
"generator": {
"date": "2018-08-15T11:50:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2331-1",
"initial_release_date": "2018-08-15T11:50:29Z",
"revision_history": [
{
"date": "2018-08-15T11:50:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20180807-13.29.1.x86_64",
"product": {
"name": "ucode-intel-20180807-13.29.1.x86_64",
"product_id": "ucode-intel-20180807-13.29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20180807-13.29.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64"
},
"product_reference": "ucode-intel-20180807-13.29.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3639"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3639",
"url": "https://www.suse.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1085235 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085235"
},
{
"category": "external",
"summary": "SUSE Bug 1085308 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1085308"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092631 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092631"
},
{
"category": "external",
"summary": "SUSE Bug 1092885 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1092885"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1102640 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1102640"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1105412"
},
{
"category": "external",
"summary": "SUSE Bug 1111963 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1111963"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172781"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172782"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1172783"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2018-3639",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T11:50:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-3639"
},
{
"cve": "CVE-2018-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3640"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3640",
"url": "https://www.suse.com/security/cve/CVE-2018-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087083 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1087083"
},
{
"category": "external",
"summary": "SUSE Bug 1094912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1094912"
},
{
"category": "external",
"summary": "SUSE Bug 1098813 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1098813"
},
{
"category": "external",
"summary": "SUSE Bug 1100394 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1100394"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1175912 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1175912"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3640",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T11:50:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-3640"
},
{
"cve": "CVE-2018-3646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3646"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3646",
"url": "https://www.suse.com/security/cve/CVE-2018-3646"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087081 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087081"
},
{
"category": "external",
"summary": "SUSE Bug 1089343 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "external",
"summary": "SUSE Bug 1091107 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1091107"
},
{
"category": "external",
"summary": "SUSE Bug 1099306 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1099306"
},
{
"category": "external",
"summary": "SUSE Bug 1104365 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104365"
},
{
"category": "external",
"summary": "SUSE Bug 1104894 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104894"
},
{
"category": "external",
"summary": "SUSE Bug 1106548 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1106548"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20180807-13.29.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20180807-13.29.1.x86_64",
"SUSE OpenStack Cloud 7:ucode-intel-20180807-13.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-15T11:50:29Z",
"details": "important"
}
],
"title": "CVE-2018-3646"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…