Home Home > 2018 > 01 > 04 > Current Status: openSUSE and “Spectre” & “Meltdown” vulnerabilities
Sign up | Login

Current Status: openSUSE and “Spectre” & “Meltdown” vulnerabilities

January 4th, 2018 by

Hi folks,

By now you probably heard about the new “Spectre” and “Meltdown” side channel
attacks against current processors.

openSUSE, same as almost all other current operating systems, is affected by
these problems.

For SUSE Linux Enterprise we posted these blog and technical information
pages that in their descriptions also match openSUSE, so I would not duplicate
all of this information:

https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/

https://www.suse.com/support/kb/doc/?id=7022512

SUSE engineers have been working with other hardware and operating systems
vendors to prepare patches to mitigate these flaws over the last weeks
and have been preparing updates.

As the embargo was lifted last night, we could now also start openSUSE
updates.

For openSUSE Leap 42.2 and 42.3, we have the advantage that the
kernel codebase is shared between SUSE Linux Enterprise 12 SP2 and SP3
respectively, so the work mostly consisted of simply merging git branches.

The openSUSE Leap 42.2 and 42.3 kernel updates are currently building
and once they have passed a quick openQA check they will be released.

For openSUSE Tumbleweed we have ported patches on top of Linux Kernel 4.14
and a submission against the Factory projects has been done.

Here also a quick openQA check will be run and then it will be released
for our Tumbleweed users in the next days.

Additionally, these updates are accompanied also by ucode-intel,
kernel-firmware and qemu updates needed for one variant of the Spectre
Attack.

Regards,

Marcus Meissner & the openSUSE Security Team

Both comments and pings are currently closed.

17 Responses to “Current Status: openSUSE and “Spectre” & “Meltdown” vulnerabilities”

  1. Hi there , i am using the opensuse leap 42.3. (german )
    After searching for new updates
    i installed also the kernel and the ucode-intel patches.

    After the required reboot , the system hung just after the display of the selection menu of grub
    with the following message ‘initiale ramdisk wird geladen’.

    After these i took a back up and installed all patches except the patch
    openSUSE-2018-4(1) so far everything is fine . Rebooing no problem.
    But after installing this patch the system hung with the mentioned message.
    This is not the expected behaviour.

    May be this happens just only at my machine, i guess you can check it at your site wether
    it could also happen to other installations.

    regards Benno

    • James Hobson

      Hello there!

      It looks like a problem we have been having on raspberry pi and tumbleweed! But don’t worry if it is, it is fixed through grub.
      https://ubuntuforums.org/showthread.php?t=1561735
      About halfway down is some instructions on re configuring where grub looks for your kernel and initial ram file system. (The post starts with ‘What’s happened is that grub has lost track of where your operating system is located.’)

      Home you find a solution!
      Thanks

      James

  2. jspilker

    Hi Benno,

    I have exactly the same problem (opensuse leap 32.3 german, intel i6850K with encrypted NVME-SSD). It’s not a singular problem of your computer. Does the recommended fix work?

    Joerg

  3. P_pahare

    Thanks, Updated ;-)

  4. John

    Hi Benno and Joerg,

    I have the exact same problem too. Mine was on a new install LEAP 42.3 64 bit. Everything was working as expected until I installed the recommended Linux kernel and Intel u-code updates.

    Even when booting up on a single disk system with /dev/sda only, I still get the same failure to boot past “loading initial ramdisk” :(

    Did either of you managed to find a fix to this problem?

    Begining to feel like the cure is worst than the disease…

  5. John

    It does not look like a “lost track of operating system” problem, at least in my case…it seems more like after the updates, the operating system is no longer recognised by the cpu…

  6. John

    I will selectively update new installs to test the above hypothesis…and post back later

  7. John

    No dice…boot failure persistent:

    Loading Linux 4.4.104-39-default …
    Loading initial ramdisk …

    I hope others have better luck in sorting this out.

    Trying to boot using previous default no longer works and boot up freezes at:

    Loading Linux 4.4.76-1-default …
    Loading initial ramdisk …

    Will take time to isolate the patch/es responsible…

  8. Uwe

    Poor information for LEAP 43.3 – some links to SLES, but no clear info which exact kernel patch for LEAP 43.3 is required to have the minimum fixes. kernel.org mentions fixes in chanegelog for 4.4.110. So opensuse.org leaves me alone. I assume 4.4.104-39 is the fixed kernel – correct ?

  9. Benno

    Hi folks,

    i reinstalled the patches, got the “Ramdisk” message and a freezing system.
    I reinstalled Grub2 with the rescue-system but it still wont work.
    So i restore the latest backup and try to prevent the system from reinstalling the patches.

    Waiting for a solution…

  10. John

    Hi Benno

    Same here. Reinstalling Grub2 after booting using rescue disk definitely dies not help at help. I am also left with a frozen system with the above screen message.

    I suspect that there will be more like us as more LEAP 42.3 systems are patched over the next few weeks…

    Look forward to comments from Marcus and the openSUSE security team…

  11. John

    Looks like openSUSE is not the only OS affected by the patches for Spectre and Meltdown.

    Windows machine are also being bricked…

    “Microsoft’s ‘Meltdown’ updates are reportedly bricking AMD PCs”
    https://www.engadget.com/2018/01/09/microsoft-halts-meltdown-spectre-amd-patches/

  12. Petr

    Hi Benno and John,

    the same problem here. After application of the last kernel patch (kernel-default-4.4.104-18.44.1) and intel u-code I’m not able to boot into the new environment with the annoying “Loading initial ramdisk…” message. Interesting is I can boot into kernel version 4.4.103-18.41 (even with the updated intel u-code).

    Have tried to re-install the new kernel without success.

    Now I have to take some steps against automatic uninstall this working version after next kernel update. And have to hope the next version will solve our problem.

    Petr

    • Netphilos

      Hi everyone:

      I am also able to boot into the previous kernel version but not into the new patched one; and my system is dual-boot (windows 8.1 – opensuse 42.2)

      Kind regards.

  13. Jens

    Hi,
    same problem here with intel core i5-4400u.
    After installing intel-ucode opensuse Leap 42.2 cannot boot kernel 4.4.104.

    Unfortunately, EOL for 42.2 is this week. I am totally disappointed.
    I would expect to hear some news, advices or announcements here.

    Best regards
    Jens

  14. Albyone

    I have a temporary solution until 42.3 came out.
    Highlight the kernel you want to boot (42.2)
    Select “e” to edit the boot command line.
    Add the following to the end of the kernel boot command line: noefi
    Hit enter……
    The OS booted up for me.
    Then I edited the grub menu config file and put the same item at the end of the command line: noefi

    Subsequent reboots all worked.

    Once I upgraded to 43.3 though, the kernel command line overwritten, removing the noefi item….. but the OS started to boot OK after that.

    Hope this helps.

  15. I’ve a little question about these bugs. The patch of the processor Intel was installed in one of the updates in early in January. The fact is that I installed a small sh program that checks the vulnerabilities in CVE-2017-5753 y CVE-2017-5715 for Intel processors and even the patch is installed there’s an issue in the second variant of Spectre (CVE-2017-5715). So a kernel support or kernel with retpoline-aware is needed to avoid future problems.
    My processor is Intel T2370

    Thanks!