Security Vulnerability: "PortSmash" aka CVE-2018-5407.
This document (7023497) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 15
- The programmatic solution is to adjust cryptographic routines to operate in constant time.
SUSE will be providing fixed openssl packages mitigating the openssl elliptic curve multiplication in the coming days.
- To be safe against future variants of this attack, disabling Synchronous Multi Threading, or only turning this on in "safe" scenarios, should be considered.
The SUSE guidance for 'trusted' vs 'untrusted' guests is the same as our guidance on the L1 Terminal Fault issue.Detailed information on the usage of SMT and other relevant kernel commandline parameters can be found here: TID 7023077 - "L1 Terminal Fault" (L1TF).
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7023497
- Creation Date: 05-Nov-2018
- Modified Date:03-Mar-2020
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com