Security update for kgraft

SUSE Security Update: Security update for kgraft
Announcement ID: SUSE-SU-2018:2394-1
Rating: important
References: #1099306
Affected Products:
  • SUSE Linux Enterprise Live Patching 12-SP3
  • SUSE Linux Enterprise Live Patching 12

  • An update that fixes one vulnerability is now available.

    Description:

    This update for kgraft fixes the following issues:

    Add script for disabling SMT to help with the mitigation of the "L1
    Terminal Fault" issue (CVE-2018-3646 bsc#1099306)

    The script is called "klp-kvm-l1tf-ctrl-smt" and is used for enabling or
    disabling SMT to mitigate the issue when this administrative decision is
    taken.

    Disabling SMT:

    klp-kvm-l1tf-ctrl-smt -d

    Enabling SMT:

    klp-kvm-l1tf-ctrl-smt -e

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Live Patching 12-SP3:
      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-1637=1
    • SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2018-1637=1

    Package List:

    • SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):
      • kgraft-1.0-23.9.1
    • SUSE Linux Enterprise Live Patching 12 (ppc64le s390x x86_64):
      • kgraft-1.0-23.9.1
    • SUSE Linux Enterprise Live Patching 12 (x86_64):
      • kgraft-devel-1.0-23.9.1

    References: