The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2018-3639: Information leaks using 'Memory     Disambiguation' feature in modern CPUs were mitigated,     aka 'Spectre Variant 4' (bnc#1087082). A new boot     commandline option was introduced,     'spec_store_bypass_disable', which can have following     values :

  - auto: Kernel detects whether your CPU model contains an     implementation of Speculative Store Bypass and picks the     most appropriate mitigation.

  - on: disable Speculative Store Bypass

  - off: enable Speculative Store Bypass

  - prctl: Control Speculative Store Bypass per thread via     prctl. Speculative Store Bypass is enabled for a process     by default. The state of the control is inherited on     fork.

  - seccomp: Same as 'prctl' above, but all seccomp threads     will disable SSB unless they explicitly opt out. The     default is 'seccomp', meaning programs need explicit     opt-in into the mitigation. Status can be queried via     the     /sys/devices/system/cpu/vulnerabilities/spec_store_bypas     s file, containing :

  - 'Vulnerable'

  - 'Mitigation: Speculative Store Bypass disabled'

  - 'Mitigation: Speculative Store Bypass disabled via     prctl'

  - 'Mitigation: Speculative Store Bypass disabled via prctl     and seccomp'

  - CVE-2018-1000199: An address corruption flaw was     discovered while modifying a h/w breakpoint via     'modify_user_hw_breakpoint' routine, an unprivileged     user/process could use this flaw to crash the system     kernel resulting in DoS OR to potentially escalate     privileges on a the system. (bsc#1089895)

  - CVE-2018-10675: The do_get_mempolicy function in     mm/mempolicy.c allowed local users to cause a denial of     service (use-after-free) or possibly have unspecified     other impact via crafted system calls (bnc#1091755).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1375-1) (Spectre)

high Nessus Plugin ID 110040

Version 1.11

Version 1.10

Version 1.11 Jan 12, 2026, 2:57 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202601121457
Version 1.10 Oct 3, 2024, 9:04 AM CVSSv2 score source (set to "CVE-2018-10675") Plugin Feed: 202410030904