https://xenbits.xen.org/xsa/advisory-320.html (SRBDS) x86: MMIO Stale Data vulnerabilities - vulnerability database | Vulners.comhttps://xenbits.xen.org/xsa/advisory-320.html (SRBDS) https://xenbits.xen.org/xsa/advisory-320.html (SRBDS) https://xenbits.xen.org/xsa/advisory-320.html (SRBDS)
Lucene search

K
xenXen ProjectXSA-404
HistoryJun 14, 2022 - 6:21 p.m.

x86: MMIO Stale Data vulnerabilities

2022-06-1418:21:00
Xen Project
xenbits.xen.org
47
x86 processors
srbds
taa
mds
intel
xen
pci passthrough

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

25.3%

ISSUE DESCRIPTION

This issue is related to the SRBDS, TAA and MDS vulnerabilities. Please see:
<a href=“https://xenbits.xen.org/xsa/advisory-320.html”>https://xenbits.xen.org/xsa/advisory-320.html</a> (SRBDS) <a href=“https://xenbits.xen.org/xsa/advisory-305.html”>https://xenbits.xen.org/xsa/advisory-305.html</a> (TAA) <a href=“https://xenbits.xen.org/xsa/advisory-297.html”>https://xenbits.xen.org/xsa/advisory-297.html</a> (MDS)
Please see Intel’s whitepaper:
<a href=“https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html”>https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html</a>

IMPACT

An attacker might be able to directly read or infer data from other security contexts in the system. This can include data belonging to other VMs, or to Xen itself. The degree to which an attacker can obtain data depends on the CPU, and the system configuration.

VULNERABLE SYSTEMS

Systems running all versions of Xen are affected.
Only x86 processors are vulnerable. Processors from other manufacturers (e.g. ARM) are not believed to be vulnerable.
Only Intel based processors are affected. Processors from other x86 manufacturers (e.g. AMD) are not believed to be vulnerable.
Please consult the Intel Security Advisory for details on the affected processors and configurations.
Per Xen’s support statement, PCI passthrough should be to trusted domains because the overall system security depends on factors outside of Xen’s control.
As such, Xen, in a supported configuration, is not vulnerable to DRPW/SBDR.

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

25.3%