{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for spectre-meltdown-checker","title":"Title of the patch"},{"category":"description","text":"This update for spectre-meltdown-checker fixes the following issues:\n\n- updated to 0.46\n  This release mainly focuses on the detection of the new Zenbleed\n  (CVE-2023-20593) vulnerability, among few other changes that were in\n  line waiting for a release:\n  - feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)\n  - feat: add the linux-firmware repository as another source for CPU microcode versions\n  - feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2\n  - fix: docker: adding missing utils (#433)\n  - feat: add support for Guix System kernel\n  - fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)\n  - fix: a /devnull file was mistakenly created on the filesystem\n  - fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)\n\n- updated to 0.45\n  - arm64: phytium: Add CPU Implementer Phytium\n  - arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig\n  - chore: ensure vars are set before being dereferenced (set -u compat)\n  - chore: fix indentation\n  - chore: fwdb: update to v220+i20220208\n  - chore: only attempt to load msr and cpuid module once\n  - chore: read_cpuid: use named constants\n  - chore: readme: framapic is gone, host the screenshots on GitHub\n  - chore: replace 'Vulnerable to' by 'Affected by' in the hw section\n  - chore: speculative execution -> transient execution\n  - chore: update fwdb to v222+i20220208\n  - chore: update Intel Family 6 models\n  - chore: wording: model not vulnerable -> model not affected\n  - doc: add an FAQ entry about CVE support\n  - doc: add an FAQ.md and update the README.md accordingly\n  - doc: more FAQ and README\n  - doc: readme: make the FAQ entry more visible\n  - feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied\n  - feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208\n  - feat: add subleaf != 0 support for read_cpuid\n  - feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)\n  - feat: bsd: for unimplemented CVEs, at least report when CPU is not affected\n  - feat: hw check: add IPRED, RRSBA, BHI features check\n  - feat: implement detection for MCEPSC under BSD\n  - feat: set default TMPDIR for Android (#415)\n  - fix: extract_kernel: don't overwrite kernel_err if already set\n  - fix: has_vmm false positive with pcp\n  - fix: is_ucode_blacklisted: fix some model names\n  - fix: mcedb: v191 changed the MCE table format\n  - fix: refuse to run under MacOS and ESXi\n  - fix: retpoline: detection on 5.15.28+ (#420)\n  - fix: variant4: added case where prctl ssbd status is tagged as 'unknown'\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2024-885,SUSE-SLE-SERVER-12-SP5-2024-885","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0885-1.json"},{"category":"self","summary":"URL for SUSE-SU-2024:0885-1","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240885-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2024:0885-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2024-March/018178.html"},{"category":"self","summary":"SUSE CVE CVE-2023-20593 page","url":"https://www.suse.com/security/cve/CVE-2023-20593/"}],"title":"Security update for spectre-meltdown-checker","tracking":{"current_release_date":"2024-03-14T12:27:32Z","generator":{"date":"2024-03-14T12:27:32Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2024:0885-1","initial_release_date":"2024-03-14T12:27:32Z","revision_history":[{"date":"2024-03-14T12:27:32Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"spectre-meltdown-checker-0.46-3.9.1.i586","product":{"name":"spectre-meltdown-checker-0.46-3.9.1.i586","product_id":"spectre-meltdown-checker-0.46-3.9.1.i586"}}],"category":"architecture","name":"i586"},{"branches":[{"category":"product_version","name":"spectre-meltdown-checker-0.46-3.9.1.x86_64","product":{"name":"spectre-meltdown-checker-0.46-3.9.1.x86_64","product_id":"spectre-meltdown-checker-0.46-3.9.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5","product":{"name":"SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp5"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"spectre-meltdown-checker-0.46-3.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"},"product_reference":"spectre-meltdown-checker-0.46-3.9.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"spectre-meltdown-checker-0.46-3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"},"product_reference":"spectre-meltdown-checker-0.46-3.9.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"}]},"vulnerabilities":[{"cve":"CVE-2023-20593","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-20593"}],"notes":[{"category":"general","text":"An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-20593","url":"https://www.suse.com/security/cve/CVE-2023-20593"},{"category":"external","summary":"SUSE Bug 1213286 for CVE-2023-20593","url":"https://bugzilla.suse.com/1213286"},{"category":"external","summary":"SUSE Bug 1213616 for CVE-2023-20593","url":"https://bugzilla.suse.com/1213616"},{"category":"external","summary":"SUSE Bug 1215674 for CVE-2023-20593","url":"https://bugzilla.suse.com/1215674"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"]}],"threats":[{"category":"impact","date":"2024-03-14T12:27:32Z","details":"moderate"}],"title":"CVE-2023-20593"}]}