Security vulnerability : Machine Check Error Avoidance on Page Size Change denial of service attack / CVE-2018-12207
This document (7023735) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 11
The hardware is affected, no mitigation is implemented.
The hardware is not affected.
KVM: Mitigation: split huge pages
The hardware is vulnerable and the splitting of huge pages is enabled.
The hardware is vulnerable and the splitting of huge pages is not enabled.
This controls the workaround for the bug. Valid options are:
force : Always deploy workaround.off : Never deploy workaround.auto : Deploy workaround based on presence of the CPU affectedness flag.("auto" is the SUSE default.)
If the workaround is enabled for the host, guests do not need to enable it for nested guests.
This can also be changed in /sys/module/kvm/parameters/nx_huge_pages during run-time, using the same values.
Controls how many 4KiB pages are periodically zapped back to huge pages.A value of 0 disables the recovery, otherwise if the value is N, KVM will zap 1/Nth of the 4KiB pages every minute.The SUSE default is 60.This value can also be changed in /sys/module/kvm/parameters/nx_huge_pages_recovery_ratio during run-time using the same values.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7023735
- Creation Date: 21-Feb-2019
- Modified Date:03-Mar-2020
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com