SUSE addresses Microarchitectural Data Sampling Vulnerabilities
Researchers have identified new CPU side channel information leak attacks against various microarchitectural buffers used in Intel CPUs. These attacks allows local attackers to execute code to read out portions of recently read or written data by using speculative execution. Local attackers can be on the same OS or running code on the same thread of a CPU core, which could happen for other VMs on the same physical host.
Intel, together with hardware and operating system vendors, have worked over recent months to prepare mitigations for these vulnerabilities, also known as RIDL, Fallout and ZombieLoadAttack.
SUSE has prepared updates for all currently maintained kernels and hypervisors, and Intel is releasing CPU Microcode updates – see Intel Security Advisory 00233.
More details and up-to-date information on all software mitigations are on our Technical Information Document page – TID 7023736 – and will be continually updated.
TID link: suse.com/support/kb/doc/?id=7023736
Hardware vendors, software vendors, various security researchers and the Linux kernel community collaborated closely in mitigating this issue in a timely fashion. SUSE is actively participating at the forefront of this industry collaboration for the good of our customers and the industry.