Bug 1209779 (CVE-2023-1637) - VUL-0: CVE-2023-1637: kernel: save/restore speculative MSRs during S3 suspend/resume
Status: IN_PROGRESS
Alias: CVE-2023-1637
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/361373/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-1637:4.8:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-27 09:20 UTC by Alexander Bergmann
Modified: 2024-06-25 17:33 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2023-03-27 09:20:40 UTC
CVE-2023-1637

A flaw was found in the Linux kernel. After resuming from suspend-to-RAM, the MSRs that control the CPU's speculative execution behavior are not being restored on the boot CPU.

These MSRs are used to mitigate speculative execution vulnerabilities. Not restoring them correctly may leave the CPU vulnerable. Secondary CPUs' MSRs are correctly being restored at S3 resume by identify_secondary_cpu().

References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463
https://sourceware.org/bugzilla/show_bug.cgi?id=27398

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1637
https://bugzilla.redhat.com/show_bug.cgi?id=2181891
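
One way to check a host for the symptom described above: compare the boot CPU's speculation-control MSRs with those of the secondary CPUs, before suspend and after resume. This is an added example, not part of the bug report or of the kernel patch; the MSR watch list, the function names and the sample snapshots are assumptions constructed for illustration.

```python
import os
import struct

# Assumed watch list (not from this bug report): MSRs that carry
# speculation-control state, named as in Linux's msr-index.h.
SPEC_MSRS = {
    "IA32_SPEC_CTRL": 0x48,
    "TSX_FORCE_ABORT": 0x10F,
    "IA32_TSX_CTRL": 0x122,
    "IA32_MCU_OPT_CTRL": 0x123,
    "AMD64_LS_CFG": 0xC0011020,
}
BOOT_CPU = 0


def read_msr(cpu, addr):
    """Read a 64-bit MSR through /dev/cpu/N/msr (needs root and the msr module).
    Returns None when the device node or the MSR itself is unavailable."""
    try:
        fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    except OSError:
        return None
    try:
        return struct.unpack("<Q", os.pread(fd, 8, addr))[0]
    except (OSError, struct.error):
        return None
    finally:
        os.close(fd)


def snapshot(cpus):
    """Map cpu -> {msr name: value or None} for every watched MSR."""
    return {c: {n: read_msr(c, a) for n, a in SPEC_MSRS.items()} for c in cpus}


def boot_cpu_divergence(snap):
    """MSRs where the boot CPU differs from a value all secondaries share.
    Returns {name: (boot_value, secondary_value)}."""
    out = {}
    for name, boot_val in snap[BOOT_CPU].items():
        others = {v.get(name) for c, v in snap.items() if c != BOOT_CPU}
        if len(others) != 1:
            continue  # no secondaries, or they disagree: no clear baseline
        (expected,) = others
        if expected is None or boot_val is None:
            continue  # MSR not implemented on this CPU model
        if boot_val != expected:
            out[name] = (boot_val, expected)
    return out


def regressed_after_resume(before, after):
    """Divergences present after resume that were absent before suspend."""
    baseline = boot_cpu_divergence(before)
    found = boot_cpu_divergence(after)
    return {n: v for n, v in found.items() if n not in baseline}


def _sample(boot_spec, boot_tsx):
    """Constructed 4-CPU snapshot; values are illustrative, not measured."""
    secondary = {"IA32_SPEC_CTRL": 0x4, "IA32_TSX_CTRL": 0x3, "AMD64_LS_CFG": None}
    snap = {cpu: dict(secondary) for cpu in (1, 2, 3)}
    snap[BOOT_CPU] = {"IA32_SPEC_CTRL": boot_spec, "IA32_TSX_CTRL": boot_tsx,
                      "AMD64_LS_CFG": None}
    return snap


SAMPLE_BEFORE = _sample(0x4, 0x3)  # all CPUs agree before suspend
SAMPLE_AFTER = _sample(0x0, 0x0)   # boot CPU came back with cleared MSRs

if __name__ == "__main__":
    # On a live host: take snapshot(range(os.cpu_count())) before suspend
    # and again after resume, then pass both to regressed_after_resume().
    for name, (got, want) in regressed_after_resume(SAMPLE_BEFORE, SAMPLE_AFTER).items():
        print(f"{name}: boot CPU {got:#x}, secondaries {want:#x}")
```

IA32_SPEC_CTRL bits can be switched per task at run time, so take live snapshots on an idle system and treat a hit as a prompt to confirm that the running kernel carries the fix.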
Comment 1 Joey Lee 2023-03-28 12:29:07 UTC
(In reply to Alexander Bergmann from comment #0)
> CVE-2023-1637
> 
> A flaw found in the Linux Kernel. After resuming from suspend-to-RAM, the
> MSRs that control CPU's speculative execution behavior are not being
> restored on the boot CPU.
> 
> These MSRs are used to mitigate speculative execution vulnerabilities. Not
> restoring them correctly may leave the CPU vulnerable. Secondary CPU's MSRs
> are correctly being restored at S3 resume by identify_secondary_cpu().
> 
> References:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463

commit e2a1256b17b16f9b9adf1b6fea56819e7b68e463                 [v5.18-rc2~36]
Author: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Date:   Mon Apr 4 17:35:45 2022 -0700

    x86/speculation: Restore speculation related MSRs during S3 resume
...
    Fixes: 772439717dbf ("x86/bugs/intel: Set proper CPU features and setup RDS")       [v4.17-rc7~25^2~40]

Borislav Petkov backported patch to SLE kernels. I will update the references tag
in his patch.

SLE Status:

cve/linux-3.0   [Not affect] no 772439717dbf
        SLE11-SP3-TD      [Not affect] 
        SLE11-SP4-LTSS   [Not affect]

cve/linux-4.4 [Not affect] no 772439717dbf patch
    SLE12-SP2-LTSS [OK] Borislav backported, will references tag
    SLE12-SP3-LTSS [OK] Borislav backported, will references tag
    SLE12-SP3-TD     [OK] Borislav backported, will references tag

cve/linux-4.12 [OK] Borislav backported, will references tag
    SLE15-SP1-LTSS [OK]
    SLE15-LTSS        [OK]
    SLE12-SP4-LTSS [OK]
    SLE12-SP5 [OK]

cve/linux-5.3 [OK] Borislav backported, will references tag
    15-SP3-LTSS [OK] 
    15-SP2-LTSS [OK] 

SLE15-SP4 [OK] Borislav backported, will references tag
SLE15-SP5 [OK] Borislav backported, will references tag
Comment 6 Maintenance Automation 2023-04-10 12:31:42 UTC
SUSE-SU-2023:1802-1: An update that solves 11 vulnerabilities and has 25 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1189998, 1193629, 1194869, 1198400, 1203200, 1206552, 1207168, 1207185, 1207574, 1208602, 1208815, 1208902, 1209052, 1209118, 1209256, 1209290, 1209292, 1209366, 1209532, 1209547, 1209556, 1209600, 1209634, 1209635, 1209636, 1209681, 1209684, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1210050
CVE References: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1637, CVE-2023-1652, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466
Sources used:
openSUSE Leap 15.4 (src): kernel-source-azure-5.14.21-150400.14.43.1, kernel-syms-azure-5.14.21-150400.14.43.1
Public Cloud Module 15-SP4 (src): kernel-source-azure-5.14.21-150400.14.43.1, kernel-syms-azure-5.14.21-150400.14.43.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2023-04-18 12:30:20 UTC
SUSE-SU-2023:1897-1: An update that solves 14 vulnerabilities and has 25 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1189998, 1193629, 1194869, 1203200, 1206552, 1207168, 1207185, 1207574, 1208602, 1208815, 1208829, 1208902, 1209052, 1209118, 1209256, 1209290, 1209292, 1209366, 1209532, 1209547, 1209556, 1209572, 1209600, 1209634, 1209635, 1209636, 1209681, 1209684, 1209687, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1210050, 1210203
CVE References: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1838, CVE-2023-23001, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466
Sources used:
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
openSUSE Leap 15.4 (src): kernel-obs-build-5.14.21-150400.24.60.1, kernel-syms-5.14.21-150400.24.60.1, kernel-source-5.14.21-150400.24.60.1, kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3, kernel-obs-qa-5.14.21-150400.24.60.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
Basesystem Module 15-SP4 (src): kernel-source-5.14.21-150400.24.60.1, kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
Development Tools Module 15-SP4 (src): kernel-syms-5.14.21-150400.24.60.1, kernel-source-5.14.21-150400.24.60.1, kernel-obs-build-5.14.21-150400.24.60.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_11-1-150400.9.3.2

Comment 13 Maintenance Automation 2023-04-25 12:30:15 UTC
SUSE-SU-2023:1992-1: An update that solves 14 vulnerabilities and has 26 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1189998, 1193629, 1194869, 1198400, 1203200, 1206552, 1207168, 1207185, 1207574, 1208602, 1208815, 1208829, 1208902, 1209052, 1209118, 1209256, 1209290, 1209292, 1209366, 1209532, 1209547, 1209556, 1209572, 1209600, 1209634, 1209635, 1209636, 1209681, 1209684, 1209687, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1210050, 1210203
CVE References: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1838, CVE-2023-23001, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466
Sources used:
openSUSE Leap 15.4 (src): kernel-syms-rt-5.14.21-150400.15.23.1, kernel-source-rt-5.14.21-150400.15.23.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_6-1-150400.1.3.3
SUSE Real Time Module 15-SP4 (src): kernel-syms-rt-5.14.21-150400.15.23.1, kernel-source-rt-5.14.21-150400.15.23.1

Comment 21 Joey Lee 2023-06-13 09:30:16 UTC
(In reply to Joey Lee from comment #1)
> (In reply to Alexander Bergmann from comment #0)
> > CVE-2023-1637
> > 
> > A flaw found in the Linux Kernel. After resuming from suspend-to-RAM, the
> > MSRs that control CPU's speculative execution behavior are not being
> > restored on the boot CPU.
> > 
> > These MSRs are used to mitigate speculative execution vulnerabilities. Not
> > restoring them correctly may leave the CPU vulnerable. Secondary CPU's MSRs
> > are correctly being restored at S3 resume by identify_secondary_cpu().
> > 
> > References:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> > ?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463
> 
> commit e2a1256b17b16f9b9adf1b6fea56819e7b68e463                
> [v5.18-rc2~36]
> Author: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> Date:   Mon Apr 4 17:35:45 2022 -0700
> 
>     x86/speculation: Restore speculation related MSRs during S3 resume
> ...
>     Fixes: 772439717dbf ("x86/bugs/intel: Set proper CPU features and setup
> RDS")       [v4.17-rc7~25^2~40]
> 
> Borislav Petkov backported patch to SLE kernels. I will update the
> references tag
> in his patch.
> 
> SLE Status:
> 
> cve/linux-3.0   [Not affect] no 772439717dbf
>         SLE11-SP3-TD      [Not affect] 
>         SLE11-SP4-LTSS   [Not affect]
> 
> cve/linux-4.4 [Not affect] no 772439717dbf patch
>     SLE12-SP2-LTSS [OK] Borislav backported, will references tag
>     SLE12-SP3-LTSS [OK] Borislav backported, will references tag
>     SLE12-SP3-TD     [OK] Borislav backported, will references tag
> 
> cve/linux-4.12 [OK] Borislav backported, will references tag
>     SLE15-SP1-LTSS [OK]
>     SLE15-LTSS        [OK]
>     SLE12-SP4-LTSS [OK]
>     SLE12-SP5 [OK]
> 
> cve/linux-5.3 [OK] Borislav backported, will references tag
>     15-SP3-LTSS [OK] 
>     15-SP2-LTSS [OK] 
> 
> SLE15-SP4 [OK] Borislav backported, will references tag
> SLE15-SP5 [OK] Borislav backported, will references tag


update status:

cve/linux-3.0   [Not affect] no 772439717dbf
        SLE11-SP3-TD     [Not affect] 
        SLE11-SP4-LTSS   [Not affect]

cve/linux-4.4 [Not affect] no 772439717dbf patch
    SLE12-SP2-LTSS [affect] has 772439717dbf
    SLE12-SP3-LTSS [affect] has 772439717dbf
    SLE12-SP3-TD   [affect] has 772439717dbf

cve/linux-4.12 [OK] Borislav backported, update references tag [DONE]
    SLE15-SP1-LTSS [OK]
    SLE15-LTSS        [OK]
    SLE12-SP4-LTSS [OK]
    SLE12-SP5 [OK]

cve/linux-5.3 [OK] Borislav backported, update references tag [DONE]
    15-SP3-LTSS [OK]
    15-SP2-LTSS [OK]

SLE15-SP4 [OK] Borislav backported, update references tag [DONE]
SLE15-SP5 [OK] Borislav backported, update references tag [DONE]

I found that the SLE12-SP2-LTSS, SLE12-SP3-LTSS and SLE12-SP3-TD are affected. I am looking at how many patches should be backported for e2a1256b17b16f9b9adf1b6fea56819e7b68e463.
Comment 23 Maintenance Automation 2023-06-13 16:30:10 UTC
SUSE-SU-2023:2502-1: An update that solves 21 vulnerabilities and has four fixes can now be installed.

Category: security (important)
Bug References: 1199636, 1204405, 1205756, 1205758, 1205760, 1205762, 1205803, 1206024, 1208474, 1208604, 1209287, 1209779, 1210715, 1210783, 1210940, 1211037, 1211043, 1211105, 1211131, 1211186, 1211203, 1211590, 1211592, 1211596, 1211622
CVE References: CVE-2020-36694, CVE-2022-3566, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-1079, CVE-2023-1380, CVE-2023-1637, CVE-2023-2156, CVE-2023-2194, CVE-2023-23586, CVE-2023-2483, CVE-2023-2513, CVE-2023-31084, CVE-2023-31436, CVE-2023-32233, CVE-2023-32269, CVE-2023-33288
Sources used:
SUSE Real Time Module 15-SP3 (src): kernel-syms-rt-5.3.18-150300.130.1, kernel-source-rt-5.3.18-150300.130.1

Comment 25 Maintenance Automation 2023-06-22 08:30:10 UTC
SUSE-SU-2023:2611-1: An update that solves 22 vulnerabilities and has four fixes can now be installed.

Category: security (important)
Bug References: 1184208, 1199636, 1204405, 1205756, 1205758, 1205760, 1205762, 1205803, 1206024, 1208474, 1208604, 1209287, 1209779, 1210715, 1210783, 1210940, 1211037, 1211043, 1211105, 1211131, 1211186, 1211203, 1211590, 1211592, 1211596, 1211622
CVE References: CVE-2020-36694, CVE-2021-29650, CVE-2022-3566, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-1079, CVE-2023-1380, CVE-2023-1637, CVE-2023-2156, CVE-2023-2194, CVE-2023-23586, CVE-2023-2483, CVE-2023-2513, CVE-2023-31084, CVE-2023-31436, CVE-2023-32233, CVE-2023-32269, CVE-2023-33288
Sources used:
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_33-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-syms-5.3.18-150300.59.124.1, kernel-obs-build-5.3.18-150300.59.124.1, kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1, kernel-source-5.3.18-150300.59.124.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-syms-5.3.18-150300.59.124.1, kernel-obs-build-5.3.18-150300.59.124.1, kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1, kernel-source-5.3.18-150300.59.124.1
SUSE Linux Enterprise Real Time 15 SP3 (src): kernel-syms-5.3.18-150300.59.124.1, kernel-obs-build-5.3.18-150300.59.124.1, kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1, kernel-source-5.3.18-150300.59.124.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-syms-5.3.18-150300.59.124.1, kernel-obs-build-5.3.18-150300.59.124.1, kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1, kernel-source-5.3.18-150300.59.124.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-syms-5.3.18-150300.59.124.1, kernel-obs-build-5.3.18-150300.59.124.1, kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1, kernel-source-5.3.18-150300.59.124.1
SUSE Manager Proxy 4.2 (src): kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1, kernel-source-5.3.18-150300.59.124.1
SUSE Manager Retail Branch Server 4.2 (src): kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1, kernel-source-5.3.18-150300.59.124.1
SUSE Manager Server 4.2 (src): kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1, kernel-source-5.3.18-150300.59.124.1
SUSE Enterprise Storage 7.1 (src): kernel-syms-5.3.18-150300.59.124.1, kernel-obs-build-5.3.18-150300.59.124.1, kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1, kernel-source-5.3.18-150300.59.124.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1

Comment 26 Maintenance Automation 2023-06-27 12:30:36 UTC
SUSE-SU-2023:2651-1: An update that solves 22 vulnerabilities and has 10 fixes can now be installed.

Category: security (important)
Bug References: 1172073, 1184208, 1191731, 1199046, 1204405, 1205756, 1205758, 1205760, 1205762, 1205803, 1206024, 1208474, 1208604, 1209287, 1209779, 1210498, 1210715, 1210783, 1210791, 1210940, 1211037, 1211043, 1211089, 1211105, 1211186, 1211187, 1211260, 1211590, 1211592, 1211596, 1211622, 1211796
CVE References: CVE-2020-36694, CVE-2021-29650, CVE-2022-3566, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-1079, CVE-2023-1380, CVE-2023-1637, CVE-2023-2124, CVE-2023-2194, CVE-2023-23586, CVE-2023-2483, CVE-2023-2513, CVE-2023-31084, CVE-2023-31436, CVE-2023-32233, CVE-2023-32269, CVE-2023-33288
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.154.1, kernel-source-5.3.18-150200.24.154.1, kernel-syms-5.3.18-150200.24.154.1, kernel-default-base-5.3.18-150200.24.154.1.150200.9.75.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.154.1, kernel-source-5.3.18-150200.24.154.1, kernel-syms-5.3.18-150200.24.154.1, kernel-default-base-5.3.18-150200.24.154.1.150200.9.75.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.154.1, kernel-source-5.3.18-150200.24.154.1, kernel-syms-5.3.18-150200.24.154.1, kernel-default-base-5.3.18-150200.24.154.1.150200.9.75.1
SUSE Enterprise Storage 7 (src): kernel-obs-build-5.3.18-150200.24.154.1, kernel-source-5.3.18-150200.24.154.1, kernel-syms-5.3.18-150200.24.154.1, kernel-default-base-5.3.18-150200.24.154.1.150200.9.75.1
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_37-1-150200.5.3.1

Comment 36 Maintenance Automation 2023-07-10 16:30:22 UTC
SUSE-SU-2023:2804-1: An update that solves 13 vulnerabilities, contains one feature and has 27 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1160435, 1172073, 1174852, 1190317, 1191731, 1199046, 1205758, 1208600, 1208604, 1209039, 1209779, 1210533, 1210791, 1211089, 1211519, 1211796, 1212051, 1212128, 1212129, 1212154, 1212158, 1212164, 1212165, 1212167, 1212170, 1212173, 1212175, 1212185, 1212236, 1212240, 1212244, 1212266, 1212443, 1212501, 1212502, 1212606, 1212701, 1212842, 1212938
CVE References: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Jira References: SLE-18857
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.130.1, kernel-syms-rt-4.12.14-10.130.1

Comment 38 Maintenance Automation 2023-07-11 16:31:51 UTC
SUSE-SU-2023:2809-1: An update that solves 84 vulnerabilities, contains 25 features and has 320 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1185861, 1186449, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206578, 1206640, 1206649, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 
1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210469, 1210498, 1210506, 1210533, 1210551, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210940, 1210943, 1210947, 1210953, 1210986, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158, 1212350, 1212405, 1212445, 1212448, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212605, 1212606, 1212619, 1212701, 1212741
CVE References: CVE-2020-24588, CVE-2022-2196, CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0386, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28466, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1, kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1

Comment 39 Maintenance Automation 2023-07-11 16:32:47 UTC
SUSE-SU-2023:2808-1: An update that solves 13 vulnerabilities and has 21 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1160435, 1174852, 1190317, 1205758, 1208600, 1208604, 1209039, 1209779, 1210533, 1211519, 1212051, 1212128, 1212129, 1212154, 1212158, 1212164, 1212165, 1212167, 1212170, 1212173, 1212175, 1212185, 1212236, 1212240, 1212244, 1212266, 1212443, 1212501, 1212502, 1212606, 1212701, 1212842, 1212938
CVE References: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-azure-4.12.14-16.139.1, kernel-source-azure-4.12.14-16.139.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-azure-4.12.14-16.139.1, kernel-source-azure-4.12.14-16.139.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-azure-4.12.14-16.139.1, kernel-source-azure-4.12.14-16.139.1

Comment 40 Maintenance Automation 2023-07-14 11:08:41 UTC
SUSE-SU-2023:2822-1: An update that solves 13 vulnerabilities, contains one feature and has 27 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1160435, 1172073, 1174852, 1190317, 1191731, 1199046, 1205758, 1208600, 1208604, 1209039, 1209779, 1210533, 1210791, 1211089, 1211519, 1211796, 1212051, 1212128, 1212129, 1212154, 1212158, 1212164, 1212165, 1212167, 1212170, 1212173, 1212175, 1212185, 1212236, 1212240, 1212244, 1212266, 1212443, 1212501, 1212502, 1212606, 1212701, 1212842, 1212938
CVE References: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Jira References: SLE-18857
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_45-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.165.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.165.1, kernel-source-4.12.14-122.165.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.165.1, kernel-source-4.12.14-122.165.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.165.1, kernel-source-4.12.14-122.165.1

Comment 41 Maintenance Automation 2023-07-14 13:14:50 UTC
SUSE-SU-2023:2830-1: An update that solves 12 vulnerabilities and has four fixes can now be installed.

Category: security (important)
Bug References: 1160435, 1198400, 1208604, 1209039, 1209779, 1210533, 1211449, 1212051, 1212128, 1212129, 1212154, 1212158, 1212501, 1212502, 1212606, 1212842
CVE References: CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_42-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.151.1, kernel-source-4.12.14-150100.197.151.1, kernel-obs-build-4.12.14-150100.197.151.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.151.1, kernel-source-4.12.14-150100.197.151.1, kernel-obs-build-4.12.14-150100.197.151.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.151.1, kernel-source-4.12.14-150100.197.151.1, kernel-obs-build-4.12.14-150100.197.151.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.151.1, kernel-source-4.12.14-150100.197.151.1, kernel-obs-build-4.12.14-150100.197.151.1

Comment 42 Maintenance Automation 2023-07-18 16:32:28 UTC
SUSE-SU-2023:2871-1: An update that solves 82 vulnerabilities, contains 25 features and has 390 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1187829, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 
1208628, 1208700, 1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210335, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210498, 1210506, 1210533, 1210551, 1210565, 1210584, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210853, 1210940, 1210943, 1210947, 1210953, 1210986, 1211014, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212445, 1212448, 1212456, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212685, 1212701, 1212741, 1212835, 1212838, 1212842, 1212848, 1212861, 1212869, 1212892, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 
1213039, 1213040, 1213041, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134
CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1829, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2430, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-3090, CVE-2023-31084, CVE-2023-3111, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-qa-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1, kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Joey Lee 2023-07-27 14:30:28 UTC
(In reply to Joey Lee from comment #21)
> (In reply to Joey Lee from comment #1)
> > (In reply to Alexander Bergmann from comment #0)
> > > CVE-2023-1637
> > > 
> > > A flaw found in the Linux Kernel. After resuming from suspend-to-RAM, the
> > > MSRs that control CPU's speculative execution behavior are not being
> > > restored on the boot CPU.
> > > 
> > > These MSRs are used to mitigate speculative execution vulnerabilities. Not
> > > restoring them correctly may leave the CPU vulnerable. Secondary CPU's MSRs
> > > are correctly being restored at S3 resume by identify_secondary_cpu().
> > > 
> > > References:
> > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> > > ?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463
> > 
> > commit e2a1256b17b16f9b9adf1b6fea56819e7b68e463                
> > [v5.18-rc2~36]
> > Author: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> > Date:   Mon Apr 4 17:35:45 2022 -0700
> > 
> >     x86/speculation: Restore speculation related MSRs during S3 resume
> > ...
> >     Fixes: 772439717dbf ("x86/bugs/intel: Set proper CPU features and setup
> > RDS")       [v4.17-rc7~25^2~40]
> > 
> > Borislav Petkov backported patch to SLE kernels. I will update the
> > references tag
> > in his patch.
> > 
> > SLE Status:
> > 
> > cve/linux-3.0   [Not affect] no 772439717dbf
> >         SLE11-SP3-TD      [Not affect] 
> >         SLE11-SP4-LTSS   [Not affect]
> > 
> > cve/linux-4.4 [Not affect] no 772439717dbf patch
> >     SLE12-SP2-LTSS [OK] Borislav backported, will references tag
> >     SLE12-SP3-LTSS [OK] Borislav backported, will references tag
> >     SLE12-SP3-TD     [OK] Borislav backported, will references tag
> > 
> > cve/linux-4.12 [OK] Borislav backported, will references tag
> >     SLE15-SP1-LTSS [OK]
> >     SLE15-LTSS        [OK]
> >     SLE12-SP4-LTSS [OK]
> >     SLE12-SP5 [OK]
> > 
> > cve/linux-5.3 [OK] Borislav backported, will references tag
> >     15-SP3-LTSS [OK] 
> >     15-SP2-LTSS [OK] 
> > 
> > SLE15-SP4 [OK] Borislav backported, will references tag
> > SLE15-SP5 [OK] Borislav backported, will references tag
> 
> 
> update status:
> 
> cve/linux-3.0   [Not affect] no 772439717dbf
>         SLE11-SP3-TD     [Not affect] 
>         SLE11-SP4-LTSS   [Not affect]
> 
> cve/linux-4.4 [Not affect] no 772439717dbf patch
>     SLE12-SP2-LTSS [affect] has 772439717dbf
>     SLE12-SP3-LTSS [affect] has 772439717dbf
>     SLE12-SP3-TD   [affect] has 772439717dbf
> 
> cve/linux-4.12 [OK] Borislav backported, update references tag [DONE]
>     SLE15-SP1-LTSS [OK]
>     SLE15-LTSS        [OK]
>     SLE12-SP4-LTSS [OK]
>     SLE12-SP5 [OK]
> 
> cve/linux-5.3 [OK] Borislav backported, update references tag [DONE]
>     15-SP3-LTSS [OK]
>     15-SP2-LTSS [OK]
> 
> SLE15-SP4 [OK] Borislav backported, update references tag [DONE]
> SLE15-SP5 [OK] Borislav backported, update references tag [DONE]
> 
> I found that the SLE12-SP2-LTSS, SLE12-SP3-LTSS and SLE12-SP3-TD are
> affected. I am looking at how many patches should be backported for
> e2a1256b17b16f9b9adf1b6fea56819e7b68e463.

Update status:

cve/linux-4.4 [Not affected] no 772439717dbf patch
    SLE12-SP2-LTSS [sent, waiting to be merged]
    SLE12-SP3-LTSS [sent, waiting to be merged]
    SLE12-SP3-TD   [sent, waiting to be merged]

Backported the following patches:

7a9c2dd08eadd5c6943115dbbec040c38d2e0822        x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume [v4.5-rc1~161^2~1]
c49a0a80137c7ca7d6ced4c812c9e07a949f6f24        x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h [v5.3-rc6~4^2~2]
c2955f270a84762343000f103e0640d29c7a96f3        x86/msr: Add the IA32_TSX_CTRL MSR [v5.4-rc8~27^2~17] 
73924ec4d560257004d5b5116b22a3647661e364        x86/pm: Save the MSR validity status at context setup [v5.18-rc2]
e2a1256b17b16f9b9adf1b6fea56819e7b68e463        x86/speculation: Restore speculation related MSRs during S3 resume [v5.18-rc2]
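
A way to confirm on an updated system that the boot CPU keeps its speculation-control MSRs across S3, as an added example that is not part of this bug report or of the backported patches. The MSR list and addresses are an assumption drawn from the upstream commit and the vendor manuals, not values stated on this page; the program needs root and the `msr` kernel module.

```c
/* Added example: userspace check, not kernel code. Build as a 64-bit binary. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Assumed list: MSRs the upstream fix saves and restores around suspend. */
static const struct { const char *name; uint32_t reg; } spec_msrs[] = {
    { "IA32_SPEC_CTRL",    0x00000048 },
    { "IA32_TSX_CTRL",     0x00000122 },
    { "TSX_FORCE_ABORT",   0x0000010f },
    { "IA32_MCU_OPT_CTRL", 0x00000123 },
    { "AMD64_LS_CFG",      0xc0011020 },
};
#define NMSR (sizeof(spec_msrs) / sizeof(spec_msrs[0]))

struct snap { uint64_t val; int valid; };

/* Read one MSR via /dev/cpu/<cpu>/msr; -1 if the CPU lacks it or access fails. */
static int read_msr(int cpu, uint32_t reg, uint64_t *val)
{
    char path[64];
    snprintf(path, sizeof(path), "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    int ok = lseek(fd, (off_t)reg, SEEK_SET) != (off_t)-1 &&
             read(fd, val, sizeof(*val)) == (ssize_t)sizeof(*val);
    close(fd);
    return ok ? 0 : -1;
}

static void snapshot(int cpu, struct snap out[NMSR])
{
    for (size_t i = 0; i < NMSR; i++) {
        out[i].val = 0;
        out[i].valid = read_msr(cpu, spec_msrs[i].reg, &out[i].val) == 0;
    }
}

/* Bit i is set when MSR i was readable before suspend and is lost or changed after. */
static unsigned diff_snap(const struct snap *before, const struct snap *after)
{
    unsigned mask = 0;
    for (size_t i = 0; i < NMSR; i++)
        if (before[i].valid && (!after[i].valid || after[i].val != before[i].val))
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    struct snap before[NMSR], after[NMSR];
    snapshot(0, before);                 /* CPU 0 is the boot CPU */
    puts("Suspend to RAM, resume, then press Enter.");
    getchar();
    snapshot(0, after);
    unsigned mask = diff_snap(before, after);
    for (size_t i = 0; i < NMSR; i++)
        if (mask & (1u << i))
            printf("%s: 0x%llx -> 0x%llx\n", spec_msrs[i].name,
                   (unsigned long long)before[i].val,
                   (unsigned long long)after[i].val);
    return mask ? 1 : 0;                 /* non-zero exit: investigate */
}
```

Bits the kernel toggles per task (for example SSBD or STIBP in IA32_SPEC_CTRL) can differ between two reads on a healthy system, so treat a mismatch as a prompt to re-check rather than as proof.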
Comment 45 Joey Lee 2023-07-28 16:25:29 UTC
(In reply to Joey Lee from comment #44)

Update status:

cve/linux-4.4 [Not affected] no 772439717dbf patch
     SLE12-SP2-LTSS [DONE]
     SLE12-SP3-LTSS [DONE]
     SLE12-SP3-TD   [DONE]
Comment 46 Joey Lee 2023-07-28 16:25:56 UTC
Backported patch has been merged. Reset assignee.
Comment 51 Maintenance Automation 2023-08-16 08:31:33 UTC
SUSE-SU-2023:3324-1: An update that solves 14 vulnerabilities and has two fixes can now be installed.

Category: security (important)
Bug References: 1087082, 1126703, 1206418, 1207561, 1209779, 1210584, 1211738, 1211867, 1212502, 1213059, 1213167, 1213251, 1213286, 1213287, 1213585, 1213588
CVE References: CVE-2018-20784, CVE-2018-3639, CVE-2022-40982, CVE-2023-0459, CVE-2023-1637, CVE-2023-20569, CVE-2023-20593, CVE-2023-2985, CVE-2023-3106, CVE-2023-3268, CVE-2023-35001, CVE-2023-3567, CVE-2023-3611, CVE-2023-3776
Sources used:
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): kernel-syms-4.4.121-92.208.1, kernel-source-4.4.121-92.208.1

Comment 52 Maintenance Automation 2024-02-27 12:01:14 UTC
SUSE-SU-2023:2646-1: An update that solves 69 vulnerabilities, contains six features and has 292 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198438, 1198835, 1199304, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204662, 1204993, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207050, 1207088, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 
1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209292, 1209367, 1209457, 1209504, 1209532, 1209556, 1209600, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210336, 1210409, 1210439, 1210449, 1210450, 1210469, 1210498, 1210506, 1210533, 1210551, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210940, 1210943, 1210947, 1210953, 1210986, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211140, 1211205, 1211263, 1211280, 1211281, 1211299, 1211387, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158
CVE References: CVE-2022-2196, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1380, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-32233, CVE-2023-33288, CVE-2023-33951, CVE-2023-33952
Jira References: PED-3210, PED-3259, PED-3692, PED-3750, PED-3759, PED-4022
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1
