Xen ProjectXSA-305TSX Asynchronous Abort speculative side channel
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
22.4%
ISSUE DESCRIPTION
This is very closely related to the Microarchitectural Data Sampling vulnerabilities from May 2019.
Please see <a href=âhttps://xenbits.xen.org/xsa/advisory-297.htmlâ>https://xenbits.xen.org/xsa/advisory-297.html</a> for details about MDS.
A new way to sample data from microarchitectural structures has been identified. A TSX Asynchronous Abort is a state which occurs between a transaction definitely aborting (usually for reasons outside of the pipelineâs control e.g. receiving an interrupt), and architectural state being rolled back to start of the transaction.
During this period, speculative execution may be able to infer the value of data in the microarchitectural structures.
For more details, see: <a href=âhttps://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abortâ>https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort</a>
IMPACT
An attacker, which could include a malicious untrusted user process on a trusted guest, or an untrusted guest, can sample the content of recently-used memory operands and IO Port writes.
This can include data from:
- A previously executing context (process, or guest, or hypervisor/toolstack) at the same privilege level. * A higher privilege context (kernel, hypervisor, SMM) which interrupted the attackerâs execution.
Vulnerable data is that on the same physical core as the attacker. This includes, when hyper-threading is enabled, adjacent threads.
An attacker cannot use this vulnerability to target specific data. An attack would likely require sampling over a period of time and the application of statistical methods to reconstruct interesting data.
VULNERABLE SYSTEMS
Systems running all versions of Xen are affected.
Only x86 processors are vulnerable. ARM processors are not believed to be vulnerable.
Only Intel based processors are affected. Processors from other manufacturers (e.g. AMD) are not believed to be vulnerable.
Only Intel processors supporting TSX (Transactional Synchronization eXtensions) are affected.
Systems which have the XSA-297 (MDS) fixes, and do not enumerate MDS_NO (Hardware fixes to MDS) are not vulnerable to TAA (XSA-305). (Specifically, the XSA-297 changes of using VERW flushing and disabling HyperThreading will prevent data leakage via both MDS and TAA.)
If the XSA-297 Xen patches for MDS have been applied, Xen will identify at boot if the CPU reports MDS_NO. i.e.
[root@localhost ~]# xl dmesg | grep MDS_NO (XEN) Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD MD_CLEAR IBRS_ALL RDCL_NO SKIP_L1DFL MDS_NO
Support for TSX is reported by Linux (>=3.4) as hle' and rtmâ in the cpu flags (`grep -e hle -e rtm /proc/cpuinfoâ). (Note that applying Option A from Resolution, below, will disable TSX so suppressing this report, even if the CPU would be vulnerable with TSX enabled.)
In summary: systems which support TSX and enumerate MDS_NO are vulnerable to XSA-305 (TAA).
Related
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
22.4%