{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update to ucode-intel","title":"Title of the patch"},{"category":"description","text":"\nucode-intel was updated to the 20180807 release.\n\nFor the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is\npart of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646\n(L1 Terminal fault).\n(bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343)\n\n Processor             Identifier     Version       Products\n\n Model        Stepping F-MO-S/PI      Old->New\n\n ---- new platforms ----------------------------------------\n WSM-EP/WS    U1       6-2c-2/03           0000001f Xeon E/L/X56xx, W36xx\n NHM-EX       D0       6-2e-6/04           0000000d Xeon E/L/X65xx/75xx\n BXT          C0       6-5c-2/01           00000014 Atom T5500/5700\n APL          E0       6-5c-a/03           0000000c Atom x5-E39xx\n DVN          B0       6-5f-1/01           00000024 Atom C3xxx\n ---- updated platforms ------------------------------------\n NHM-EP/WS    D0       6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx\n NHM          B1       6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx\n WSM          B1       6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406\n WSM          K0       6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx\n SNB          D2       6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3\n WSM-EX       A2       6-2f-2/05 00000037->0000003b Xeon E7\n IVB          E2       6-3a-9/12 0000001f->00000020 Core Gen3 Mobile\n HSW-H/S/E3   Cx/Dx    6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3\n BDW-U/Y      E/F      6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile\n HSW-ULT      Cx/Dx    6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron\n HSW-H        Cx       6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX\n BDW-H/E3     E/G      6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4\n SKL-U/Y      D0       6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile\n BDX-DE       V1       6-56-2/10 00000015->00000017 Xeon D-1520/40\n BDX-DE       V2/3     6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n BDX-DE       Y0       6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87\n APL          D0       6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n SKL-H/S/E3   R0       6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-Module-Basesystem-15-2018-1580","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2338-1.json"},{"category":"self","summary":"URL for SUSE-SU-2018:2338-1","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182338-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2018:2338-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2018-August/004422.html"},{"category":"self","summary":"SUSE Bug 1087082","url":"https://bugzilla.suse.com/1087082"},{"category":"self","summary":"SUSE Bug 1087083","url":"https://bugzilla.suse.com/1087083"},{"category":"self","summary":"SUSE Bug 1089343","url":"https://bugzilla.suse.com/1089343"},{"category":"self","summary":"SUSE Bug 1104134","url":"https://bugzilla.suse.com/1104134"},{"category":"self","summary":"SUSE CVE CVE-2018-3639 page","url":"https://www.suse.com/security/cve/CVE-2018-3639/"},{"category":"self","summary":"SUSE CVE CVE-2018-3640 page","url":"https://www.suse.com/security/cve/CVE-2018-3640/"},{"category":"self","summary":"SUSE CVE CVE-2018-3646 page","url":"https://www.suse.com/security/cve/CVE-2018-3646/"}],"title":"Security update to ucode-intel","tracking":{"current_release_date":"2018-08-15T15:31:46Z","generator":{"date":"2018-08-15T15:31:46Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2018:2338-1","initial_release_date":"2018-08-15T15:31:46Z","revision_history":[{"date":"2018-08-15T15:31:46Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"ucode-intel-20180807-3.6.1.x86_64","product":{"name":"ucode-intel-20180807-3.6.1.x86_64","product_id":"ucode-intel-20180807-3.6.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Module for Basesystem 15","product":{"name":"SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-basesystem:15"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"ucode-intel-20180807-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15","product_id":"SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"},"product_reference":"ucode-intel-20180807-3.6.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Module for Basesystem 15"}]},"vulnerabilities":[{"cve":"CVE-2018-3639","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-3639"}],"notes":[{"category":"general","text":"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-3639","url":"https://www.suse.com/security/cve/CVE-2018-3639"},{"category":"external","summary":"SUSE Bug 1074701 for CVE-2018-3639","url":"https://bugzilla.suse.com/1074701"},{"category":"external","summary":"SUSE Bug 1085235 for CVE-2018-3639","url":"https://bugzilla.suse.com/1085235"},{"category":"external","summary":"SUSE Bug 1085308 for CVE-2018-3639","url":"https://bugzilla.suse.com/1085308"},{"category":"external","summary":"SUSE Bug 1087078 for CVE-2018-3639","url":"https://bugzilla.suse.com/1087078"},{"category":"external","summary":"SUSE Bug 1087082 for CVE-2018-3639","url":"https://bugzilla.suse.com/1087082"},{"category":"external","summary":"SUSE Bug 1092631 for CVE-2018-3639","url":"https://bugzilla.suse.com/1092631"},{"category":"external","summary":"SUSE Bug 1092885 for CVE-2018-3639","url":"https://bugzilla.suse.com/1092885"},{"category":"external","summary":"SUSE Bug 1094912 for CVE-2018-3639","url":"https://bugzilla.suse.com/1094912"},{"category":"external","summary":"SUSE Bug 1098813 for CVE-2018-3639","url":"https://bugzilla.suse.com/1098813"},{"category":"external","summary":"SUSE Bug 1100394 for CVE-2018-3639","url":"https://bugzilla.suse.com/1100394"},{"category":"external","summary":"SUSE Bug 1102640 for CVE-2018-3639","url":"https://bugzilla.suse.com/1102640"},{"category":"external","summary":"SUSE Bug 1105412 for CVE-2018-3639","url":"https://bugzilla.suse.com/1105412"},{"category":"external","summary":"SUSE Bug 1111963 for CVE-2018-3639","url":"https://bugzilla.suse.com/1111963"},{"category":"external","summary":"SUSE Bug 1172781 for CVE-2018-3639","url":"https://bugzilla.suse.com/1172781"},{"category":"external","summary":"SUSE Bug 1172782 for CVE-2018-3639","url":"https://bugzilla.suse.com/1172782"},{"category":"external","summary":"SUSE Bug 1172783 for CVE-2018-3639","url":"https://bugzilla.suse.com/1172783"},{"category":"external","summary":"SUSE Bug 1173489 for CVE-2018-3639","url":"https://bugzilla.suse.com/1173489"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2018-3639","url":"https://bugzilla.suse.com/1178658"},{"category":"external","summary":"SUSE Bug 1201877 for CVE-2018-3639","url":"https://bugzilla.suse.com/1201877"},{"category":"external","summary":"SUSE Bug 1215674 for CVE-2018-3639","url":"https://bugzilla.suse.com/1215674"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-08-15T15:31:46Z","details":"moderate"}],"title":"CVE-2018-3639"},{"cve":"CVE-2018-3640","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-3640"}],"notes":[{"category":"general","text":"Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-3640","url":"https://www.suse.com/security/cve/CVE-2018-3640"},{"category":"external","summary":"SUSE Bug 1074701 for CVE-2018-3640","url":"https://bugzilla.suse.com/1074701"},{"category":"external","summary":"SUSE Bug 1087078 for CVE-2018-3640","url":"https://bugzilla.suse.com/1087078"},{"category":"external","summary":"SUSE Bug 1087083 for CVE-2018-3640","url":"https://bugzilla.suse.com/1087083"},{"category":"external","summary":"SUSE Bug 1094912 for CVE-2018-3640","url":"https://bugzilla.suse.com/1094912"},{"category":"external","summary":"SUSE Bug 1098813 for CVE-2018-3640","url":"https://bugzilla.suse.com/1098813"},{"category":"external","summary":"SUSE Bug 1100394 for CVE-2018-3640","url":"https://bugzilla.suse.com/1100394"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2018-3640","url":"https://bugzilla.suse.com/1115893"},{"category":"external","summary":"SUSE Bug 1175912 for CVE-2018-3640","url":"https://bugzilla.suse.com/1175912"},{"category":"external","summary":"SUSE Bug 1201877 for CVE-2018-3640","url":"https://bugzilla.suse.com/1201877"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-08-15T15:31:46Z","details":"moderate"}],"title":"CVE-2018-3640"},{"cve":"CVE-2018-3646","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-3646"}],"notes":[{"category":"general","text":"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-3646","url":"https://www.suse.com/security/cve/CVE-2018-3646"},{"category":"external","summary":"SUSE Bug 1087078 for CVE-2018-3646","url":"https://bugzilla.suse.com/1087078"},{"category":"external","summary":"SUSE Bug 1087081 for CVE-2018-3646","url":"https://bugzilla.suse.com/1087081"},{"category":"external","summary":"SUSE Bug 1089343 for CVE-2018-3646","url":"https://bugzilla.suse.com/1089343"},{"category":"external","summary":"SUSE Bug 1091107 for CVE-2018-3646","url":"https://bugzilla.suse.com/1091107"},{"category":"external","summary":"SUSE Bug 1099306 for CVE-2018-3646","url":"https://bugzilla.suse.com/1099306"},{"category":"external","summary":"SUSE Bug 1104365 for CVE-2018-3646","url":"https://bugzilla.suse.com/1104365"},{"category":"external","summary":"SUSE Bug 1104894 for CVE-2018-3646","url":"https://bugzilla.suse.com/1104894"},{"category":"external","summary":"SUSE Bug 1106548 for CVE-2018-3646","url":"https://bugzilla.suse.com/1106548"},{"category":"external","summary":"SUSE Bug 1113534 for CVE-2018-3646","url":"https://bugzilla.suse.com/1113534"},{"category":"external","summary":"SUSE Bug 1136865 for CVE-2018-3646","url":"https://bugzilla.suse.com/1136865"},{"category":"external","summary":"SUSE Bug 1178658 for CVE-2018-3646","url":"https://bugzilla.suse.com/1178658"},{"category":"external","summary":"SUSE Bug 1201877 for CVE-2018-3646","url":"https://bugzilla.suse.com/1201877"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Module for Basesystem 15:ucode-intel-20180807-3.6.1.x86_64"]}],"threats":[{"category":"impact","date":"2018-08-15T15:31:46Z","details":"important"}],"title":"CVE-2018-3646"}]}