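- Publication date: 2023-09-25
- Detection time: 2023-09-25
- Vulnerability type: Security update
- Risk level: Unknown
- Updated version: Unknown
- Intelligence contributor: TSRC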
x86/AMD: Divide speculative information leak
XSA-439 - Xen Security Advisories

Information
Advisory: XSA-439
Public release: 2023-09-25 16:03
Updated: 2023-09-25 16:03
Version: 1
CVE(s): CVE-2023-20588
Title: x86/AMD: Divide speculative information leak
Files: advisory-439.txt (signed advisory file)

Advisory

Xen Security Advisory CVE-2023-20588 / XSA-439

x86/AMD: Divide speculative information leak

ISSUE DESCRIPTION
=================

In the Zen1 microarchitecture, there is one divider in the pipeline which
services uops from both threads. In the case of #DE, the latched result
from the previous DIV to execute will be forwarded speculatively.

This is a covert channel that allows two threads to communicate without
any system calls. It also allows userspace to obtain the result of the
most recent DIV instruction executed (even speculatively) in the core,
which can be from a higher privilege context.

For more information, see:
 * https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

IMPACT
======

An attacker might be able to infer data from a different execution
context on the same CPU core.

VULNERABLE SYSTEMS
==================

All versions of Xen are vulnerable.

Only AMD Zen1 CPUs are believed to be vulnerable.

MITIGATION
==========

There is no mitigation.

RESOLUTION
==========

The patches for Xen overwrite the buffer in the divider on the
return-to-guest path.

However, as with some prior speculative vulnerabilities, the fix is only
effective in combination with disabling SMT. For the same reasons as
before, Xen does not disable SMT by default.

The system administrator is required to risk-assess their workload, and
choose whether to enable or disable SMT. Xen will issue a warning if
SMT is active and the user has not provided an explicit choice via the
smt=<bool> command line option.

Details of the vulnerability became public before the Xen patches were
complete. Hence the patches are already applied to the appropriate
trees. They are:

Xen-unstable: 1c18d7377453^..b5926c6ecf05
Xen 4.17: d2d2dcae879c^..9ac2f49f5fa3
Xen 4.16: 08539e8315fd^..de751c3d906d
Xen 4.15: db3386e6cad6^..d7b78041dc81

Xenproject.org Security Team
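The advisory's resolution has two parts: the fix range must be in the tree, and the administrator must make an SMT choice. The script below is an added example (not part of the advisory or of Xen) that checks both on a host already known to be AMD Zen1. The function names are hypothetical, and the accepted boolean spellings and "last option wins" behaviour are assumptions about Xen's command-line parsing.

```shell
#!/bin/sh
# Added example, not from XSA-439. All function names are hypothetical.

# Last commit of the XSA-439 fix range for each tree, as listed in the advisory.
xsa439_fix_tip() {
    case "$1" in
        unstable) echo b5926c6ecf05 ;;
        4.17)     echo 9ac2f49f5fa3 ;;
        4.16)     echo de751c3d906d ;;
        4.15)     echo d7b78041dc81 ;;
        *)        return 1 ;;   # tree not covered by the advisory
    esac
}

# Succeeds if the Xen checkout in $1 (following tree $2) contains the fix range.
xsa439_tree_fixed() {
    tip=$(xsa439_fix_tip "$2") || return 2
    git -C "$1" merge-base --is-ancestor "$tip" HEAD
}

# Classify the SMT choice on a Xen command line ($1): disabled | enabled | unset.
# Assumption: a later option overrides an earlier one.
xsa439_smt_choice() {
    choice=unset
    for opt in $1; do
        case "$opt" in
            smt|smt=1|smt=yes|smt=on|smt=true|smt=enable)      choice=enabled ;;
            no-smt|smt=0|smt=no|smt=off|smt=false|smt=disable) choice=disabled ;;
        esac
    done
    echo "$choice"
}

# Combine both facts. $1 = fixed|unfixed, $2 = Xen command line.
xsa439_status() {
    smt=$(xsa439_smt_choice "$2")
    if [ "$1" != fixed ]; then
        echo "VULNERABLE: fix range not applied"
    elif [ "$smt" = disabled ]; then
        echo "OK: fix applied, SMT disabled"
    elif [ "$smt" = enabled ]; then
        echo "PARTIAL: fix applied, SMT explicitly enabled"
    else
        echo "PARTIAL: fix applied, no explicit smt= choice"
    fi
}
```

On a dom0, the command line can be taken from `xl info xen_commandline`, and `xsa439_tree_fixed` can be run against the source checkout the hypervisor was built from.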
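Xen is an open-source virtual machine monitor developed at the University of Cambridge. It is intended to run up to 100 full-featured operating systems on a single computer. Operating systems must be explicitly modified ("ported") to run on Xen (while remaining compatible with user applications). This allows Xen to achieve high-performance virtualization without special hardware support.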
<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20588">CVE-2023-20588</a></p>
None available
None available
http://xenbits.xen.org/xsa/advisory-439.html