Security update for ucode-intel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1904-1 Final 1 1 2018-07-06T15:06:49Z current 2018-07-06T15:06:49Z 2018-07-06T15:06:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ucode-intel This update for ucode-intel fixes the following issues: The microcode bundles was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00005.html E-Mail link for openSUSE-SU-2018:1904-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 ucode-intel-20180703-25.1 ucode-intel-blob-20180703-25.1 ucode-intel-20180703-25.1 as a component of openSUSE Leap 42.3 ucode-intel-blob-20180703-25.1 as a component of openSUSE Leap 42.3 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVE-2018-3639 openSUSE Leap 42.3:ucode-intel-20180703-25.1 openSUSE Leap 42.3:ucode-intel-blob-20180703-25.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00005.html https://www.suse.com/security/cve/CVE-2018-3639.html CVE-2018-3639 https://bugzilla.suse.com/0 SUSE Bug 0 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1085235 SUSE Bug 1085235 https://bugzilla.suse.com/1085308 SUSE Bug 1085308 https://bugzilla.suse.com/1087078 SUSE Bug 1087078 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1094912 SUSE Bug 1094912 https://bugzilla.suse.com/1100394 SUSE Bug 1100394 https://bugzilla.suse.com/1102640 SUSE Bug 1102640 https://bugzilla.suse.com/1105412 SUSE Bug 1105412 https://bugzilla.suse.com/1113769 SUSE Bug 1113769 Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. CVE-2018-3640 openSUSE Leap 42.3:ucode-intel-20180703-25.1 openSUSE Leap 42.3:ucode-intel-blob-20180703-25.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00005.html https://www.suse.com/security/cve/CVE-2018-3640.html CVE-2018-3640 https://bugzilla.suse.com/0 SUSE Bug 0 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1087078 SUSE Bug 1087078 https://bugzilla.suse.com/1087083 SUSE Bug 1087083 https://bugzilla.suse.com/1094912 SUSE Bug 1094912 https://bugzilla.suse.com/1100394 SUSE Bug 1100394