The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.131 to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).
A new boot commandline option was introduced, 'specstorebypass_disable', which can have following values:
The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.
Status can be queried via the /sys/devices/system/cpu/vulnerabilities/specstorebypass file, containing:
CVE-2018-8781: The udlfbmmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).
The following non-security bugs were fixed:
{ "binaries": [ { "kernel-macros": "4.4.131-94.29.1", "kernel-devel": "4.4.131-94.29.1", "kernel-default": "4.4.131-94.29.1", "kernel-source": "4.4.131-94.29.1", "kernel-default-extra": "4.4.131-94.29.1", "kernel-syms": "4.4.131-94.29.1", "kernel-default-devel": "4.4.131-94.29.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.131-94.29.1", "kernel-devel": "4.4.131-94.29.1", "kernel-default": "4.4.131-94.29.1", "kernel-source": "4.4.131-94.29.1", "kernel-default-extra": "4.4.131-94.29.1", "kernel-syms": "4.4.131-94.29.1", "kernel-default-devel": "4.4.131-94.29.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.131-94.29.1", "kernel-devel": "4.4.131-94.29.1", "kernel-default": "4.4.131-94.29.1", "kernel-source": "4.4.131-94.29.1", "kernel-default-extra": "4.4.131-94.29.1", "kernel-syms": "4.4.131-94.29.1", "kernel-default-devel": "4.4.131-94.29.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.131-94.29.1", "kernel-devel": "4.4.131-94.29.1", "kernel-default-base": "4.4.131-94.29.1", "kernel-default-man": "4.4.131-94.29.1", "kernel-default": "4.4.131-94.29.1", "kernel-source": "4.4.131-94.29.1", "kernel-syms": "4.4.131-94.29.1", "kernel-default-devel": "4.4.131-94.29.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.131-94.29.1", "kernel-devel": "4.4.131-94.29.1", "kernel-default-base": "4.4.131-94.29.1", "kernel-default-man": "4.4.131-94.29.1", "kernel-default": "4.4.131-94.29.1", "kernel-source": "4.4.131-94.29.1", "kernel-syms": "4.4.131-94.29.1", "kernel-default-devel": "4.4.131-94.29.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.131-94.29.1", "kernel-devel": "4.4.131-94.29.1", "kernel-default-base": "4.4.131-94.29.1", "kernel-default-man": "4.4.131-94.29.1", "kernel-default": "4.4.131-94.29.1", "kernel-source": "4.4.131-94.29.1", "kernel-syms": "4.4.131-94.29.1", "kernel-default-devel": "4.4.131-94.29.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.131-94.29.1", "kernel-devel": "4.4.131-94.29.1", "kernel-default-base": "4.4.131-94.29.1", "kernel-default-man": "4.4.131-94.29.1", "kernel-default": "4.4.131-94.29.1", "kernel-source": "4.4.131-94.29.1", "kernel-syms": "4.4.131-94.29.1", "kernel-default-devel": "4.4.131-94.29.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.131-94.29.1", "kernel-devel": "4.4.131-94.29.1", "kernel-default-base": "4.4.131-94.29.1", "kernel-default-man": "4.4.131-94.29.1", "kernel-default": "4.4.131-94.29.1", "kernel-source": "4.4.131-94.29.1", "kernel-syms": "4.4.131-94.29.1", "kernel-default-devel": "4.4.131-94.29.1" } ] }
{ "binaries": [ { "kernel-macros": "4.4.131-94.29.1", "kernel-devel": "4.4.131-94.29.1", "kernel-default-base": "4.4.131-94.29.1", "kernel-default-man": "4.4.131-94.29.1", "kernel-default": "4.4.131-94.29.1", "kernel-source": "4.4.131-94.29.1", "kernel-syms": "4.4.131-94.29.1", "kernel-default-devel": "4.4.131-94.29.1" } ] }