5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
11.7%
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests
32-bit x86 PV guest kernels run in ring 1. At the time when Xen was
developed, this area of the i386 architecture was rarely used, which is why
Xen was able to use it to implement paravirtualisation, Xen’s novel
approach to virtualization. In AMD64, Xen had to use a different
implementation approach, so Xen does not use ring 1 to support 64-bit
guests. With the focus now being on 64-bit systems, and the availability of
explicit hardware support for virtualization, fixing speculation issues in
ring 1 is not a priority for processor companies. Indirect Branch
Restricted Speculation (IBRS) is an architectural x86 extension put
together to combat speculative execution sidechannel attacks, including
Spectre v2. It was retrofitted in microcode to existing CPUs. For more
details on Spectre v2, see: http://xenbits.xen.org/xsa/advisory-254.html
However, IBRS does not architecturally protect ring 0 from predictions
learnt in ring 1. For more details, see:
https://software.intel.com/security-software-guidance/deep-dives/deep-dive-indirect-branch-restricted-speculation
Similar situations may exist with other mitigations for other kinds of
speculative execution attacks. The situation is quite likely to be similar
for speculative execution attacks which have yet to be discovered,
disclosed, or mitigated.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
11.7%