Description: | Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
Vulnerability Insight: The openSUSE Leap 42.2 kernel was updated to 4.4.104 to receive various security and bugfixes.
This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032).
- CVE-2017-5753 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets.
This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel.
- CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753.
This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries.
Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue.
As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option.
- CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753.
This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following an approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'.
Note that this is only done on affected platforms.
This feature can be enabled / disabled by the 'pti=[onoffauto]' or 'nopti' commandline options.
The following security bugs were fixed:
- CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing.
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS: Linux Kernel on openSUSE Leap 42.2
Solution: Please install the updated package(s).
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
|