[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-announce] Xen Security Advisory 305 v1 (CVE-2019-11135) - TSX Asynchronous Abort speculative side channel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2019-11135 / XSA-305 TSX Asynchronous Abort speculative side channel ISSUE DESCRIPTION ================= This is very closely related to the Microarchitectural Data Sampling vulnerabilities from May 2019. Please see https://xenbits.xen.org/xsa/advisory-297.html for details about MDS. A new way to sample data from microarchitectural structures has been identified. A TSX Asynchronous Abort is a state which occurs between a transaction definitely aborting (usually for reasons outside of the pipeline's control e.g. receiving an interrupt), and architectural state being rolled back to start of the transaction. During this period, speculative execution may be able to infer the value of data in the microarchitectural structures. For more details, see: https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort IMPACT ====== An attacker, which could include a malicious untrusted user process on a trusted guest, or an untrusted guest, can sample the content of recently-used memory operands and IO Port writes. This can include data from: * A previously executing context (process, or guest, or hypervisor/toolstack) at the same privilege level. * A higher privilege context (kernel, hypervisor, SMM) which interrupted the attacker's execution. Vulnerable data is that on the same physical core as the attacker. This includes, when hyper-threading is enabled, adjacent threads. An attacker cannot use this vulnerability to target specific data. An attack would likely require sampling over a period of time and the application of statistical methods to reconstruct interesting data. VULNERABLE SYSTEMS ================== Systems running all versions of Xen are affected. Only x86 processors are vulnerable. ARM processors are not believed to be vulnerable. Only Intel based processors are affected. Processors from other manufacturers (e.g. AMD) are not believed to be vulnerable. Only Intel processors supporting TSX (Transactional Synchronization eXtensions) are affected. Systems which have the XSA-297 (MDS) fixes, and do not enumerate MDS_NO (Hardware fixes to MDS) are not vulnerable to TAA (XSA-305). (Specifically, the XSA-297 changes of using VERW flushing and disabling HyperThreading will prevent data leakage via both MDS and TAA.) If the XSA-297 Xen patches for MDS have been applied, Xen will identify at boot if the CPU reports MDS_NO. i.e. [root@localhost ~]# xl dmesg | grep MDS_NO (XEN) Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD MD_CLEAR IBRS_ALL RDCL_NO SKIP_L1DFL MDS_NO Support for TSX is reported by Linux (>=3.4) as `hle' and `rtm' in the cpu flags (`grep -e hle -e rtm /proc/cpuinfo'). (Note that applying Option A from Resolution, below, will disable TSX so suppressing this report, even if the CPU would be vulnerable with TSX enabled.) In summary: systems which support TSX and enumerate MDS_NO are vulnerable to XSA-305 (TAA). MITIGATION ========== There is no mitigation available. RESOLUTION ========== New microcode is required in all cases. It may be available via a firmware update (consult your hardware vendor), or available for boot-time loading (consult your dom0 OS vendor). There are two approaches: Option A: * Upgrade to the new microcode. * Apply the Xen patches (listed below). This will disable TSX (by default, but reenabling it would reintroduce the vulnerability). This option is the recommended resolution. Option B: * Upgrade to the new microcode. * Boot Xen with `smt=0 spec-ctrl=md-clear'. * (The patches are not strictly required.) This option is recommended only if it is known that the workload is such that it is important to retain the TSX feature. `smt=0' disables hyper-threading, and will have a significant performance impact. See `DISCUSSION CONCERNING SMT/HYPER-THREADING' in XSA-297 for more information about the implications and options. Note that the Xen command line argument `spec-ctrl=md-clear' must be specified to mitigate XSA-305, even though some readings of XSA-297 suggest it might be enabled by default when needed. This is because Option B reuses the same mitigation for a new problem. `spec-ctrl=md-clear' is the default on CPUs vulnerable to XSA-297; however, it is not the default on CPUs vulnerable to XSA-305. In each case with the Xen patches applied, appropriate microcode can be observed by finding TSX_CTRL enumerated: [root@localhost ~]# xl dmesg | grep TSX_CTRL (XEN) Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD MD_CLEAR IBRS_ALL RDCL_NO SKIP_L1DFL MDS_NO TSX_CTRL There is no further action (beyond Option A or B above) required for guest kernel/userspace software, and nothing they could do differently to protect themselves in the absence of those changes. xsa305/xsa305-*.patch xen-unstable xsa305/xsa305-4.12-*.patch Xen 4.12.x xsa305/xsa305-4.11-*.patch Xen 4.11.x xsa304/xsa304-4.10-*.patch Xen 4.10.x xsa304/xsa304-4.9-*.patch Xen 4.9.x xsa304/xsa304-4.8-*.patch Xen 4.8.x $ sha256sum xsa305*/* b74bd3954b9c76eee7d9f2c594d5d5c05996f631696b68142f6e5cbe0ceaddf7 xsa305/xsa305-1.patch 67d30c248eefdd8552630c56d55adb9934f575a1fe1f15f7a0fca7d3d099de48 xsa305/xsa305-2.patch b64837e7a75cad86b0bb52379c781b8ea93094569d1a8f9e044c580cc6654869 xsa305/xsa305-4.8-1.patch cbb65761ba8d844d8297e50d3f95cb708b656b5a81a03fa808eb05fb7e58dbcd xsa305/xsa305-4.8-2.patch 607a8fb5006268ca48143729e59d135d6a6d6aac0a77119f44f7ab09a5b600bb xsa305/xsa305-4.9-1.patch f26ee247e0346144ed477c731930ba3ce562f586d6d2fb76f2926a1a32ab2807 xsa305/xsa305-4.9-2.patch 91be2c6b9a81e693c9583c0936c78a7eaaf51815d6ae7e0323be383b334ce73c xsa305/xsa305-4.10-1.patch b15d2feee4a3b9064a2b5387ee0e218f6b05f8b849f80e18f5bbdffcdaf418bc xsa305/xsa305-4.10-2.patch c47fcab07123f551a49c7bf96cad82f7bf9c4bb161b46b84f325e400c6438f3e xsa305/xsa305-4.11-1.patch 2bb81d261c3dc4f3c825ce9795ab4ac9ea08b0d99537ca61d56876be1e6a5d2a xsa305/xsa305-4.11-2.patch c6c7551d1c40340401b3a52a8d4dfa4c24b791764fcc08215d270aabff86474e xsa305/xsa305-4.12-1.patch a528aaaed32b632779a17cf2ed648903d7bc48ba213d6c8f7ce2d78f493e097c xsa305/xsa305-4.12-2.patch $ NOTE REGARDING LACK OF EMBARGO ============================== Despite an attempt to organise predisclosure, the discoverers ultimately did not authorise a predisclosure. -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAl3K8aoMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZt8AH/2MugPfnQiX3JYCYypWN0JRqS9vCTo96pvs1WwBM ohSWjdrgLyb29hKo48QBwV7LzCWAJQmAFKPYVX9CKoRmZOKRJESz9LdQ7zYedeV9 nNDM1HN1PL9dFZ7qyRFh3xuefO9DPQ+oHUdNFRHiJn0ttmu6sv+y8ww0UCBHL6H+ xZl4gCaAM0SNAbaFnJucA7L61NaUSNkcpLmS9r5OmEhAE4wdt+bRaVvqdea4OTc5 y/UvipnaHR2FrDMT6mVhBcnloBCJ99Q1C3uvtErQq6ASKxZ4asNFmpMl9+Vc13bo JVo4GyT6pVQYxJQdB5TtiVUKWklweCR9ioLtDRMHjuy/b1U= =G0Eh -----END PGP SIGNATURE----- Attachment:
xsa305/xsa305-1.patch Attachment:
xsa305/xsa305-2.patch Attachment:
xsa305/xsa305-4.8-1.patch Attachment:
xsa305/xsa305-4.8-2.patch Attachment:
xsa305/xsa305-4.9-1.patch Attachment:
xsa305/xsa305-4.9-2.patch Attachment:
xsa305/xsa305-4.10-1.patch Attachment:
xsa305/xsa305-4.10-2.patch Attachment:
xsa305/xsa305-4.11-1.patch Attachment:
xsa305/xsa305-4.11-2.patch Attachment:
xsa305/xsa305-4.12-1.patch Attachment:
xsa305/xsa305-4.12-2.patch _______________________________________________ Xen-announce mailing list Xen-announce@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-announce
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |