5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
31.0%
x86 has a hardware mechanism for lazy FPU context switching. On a task switch, %cr0.ts (Task Switched) gets set, and the next instruction to touch floating point state raises an #NM (No Math, later known as Device Not Available) exception.
Traditionally, FPU state has been large in comparison to available bandwidth (and therefore slow to switch) and not used as frequently as cpu tasks tend to switch. This mechanism allows the OS to only switch FPU when necessary, which in turn increases performance.
Some CPUs however speculate past an #NM exception, allowing register content to be leaked by a side-channel.
For more details, see: <a href=âhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.htmlâ>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html</a>
An attacker can read x87/MMX/SSE/AVX/AVX-512 register state belonging to another vCPU previously scheduled on the same processor. This can be state belonging a different guest, or state belonging to a different thread inside the same guest.
Furthermore, similar changes are expected for OS kernels. Consult your operating system provider for more information.
Systems running all versions of Xen are affected.
Only x86 processors are vulnerable. ARM processors are not known to be affected.
Only Intel Core based processors (from at least Nehalem onwards) are potentially affected. Other processor designs (Intel Atom/Knights range), and other manufacturers (AMD) are not known to be affected.
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
31.0%