DescriptionSystems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Overall state of this security issue: Pending
This issue is currently rated as having moderate severity.
Note from the SUSE Security TeamThis issue affects Intel x86 based systems only. It will be solved by using CPU Microcode updates, without help from Operating System software. SUSE Bugzilla entries: 0 [RESOLVED / WONTFIX], 1074701 [IN_PROGRESS], 1087083 [NEW] SUSE Security Advisories:
- TID7022512, published Sa 3. Mär 12:01:04 CET 2018
- TID7022950, published Tue May 22 00:46:29 CEST 2018
Status of this issue by product and package
Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.
|SUSE Linux Enterprise Desktop 12 SP2||ucode-intel||Unsupported|
|SUSE Linux Enterprise Desktop 12 SP3||ucode-intel||Affected|
|SUSE Linux Enterprise Server 11 SP3 LTSS||microcode_ctl||Affected|
|SUSE Linux Enterprise Server 11 SP4||microcode_ctl||Affected|
|SUSE Linux Enterprise Server 12 GA LTSS||ucode-intel||Affected|
|SUSE Linux Enterprise Server 12 SP1 LTSS||ucode-intel||Affected|
|SUSE Linux Enterprise Server 12 SP2||ucode-intel||Unsupported|
|SUSE Linux Enterprise Server 12 SP3||ucode-intel||Affected|