https://xenbits.xen.org/xsa/advisory-320.html (SRBDS) x86: MMIO Stale Data vulnerabilities - vulnerability database | Vulners.comhttps://xenbits.xen.org/xsa/advisory-320.html (SRBDS) https://xenbits.xen.org/xsa/advisory-320.html (SRBDS) https://xenbits.xen.org/xsa/advisory-320.html (SRBDS)
Basic search

K
xenXen ProjectXSA-404
HistoryJun 14, 2022 - 6:21 p.m.

x86: MMIO Stale Data vulnerabilities

2022-06-1418:21:00
Xen Project
xenbits.xen.org
38

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

23.2%

ISSUE DESCRIPTION

This issue is related to the SRBDS, TAA and MDS vulnerabilities. Please see:
<a href=“https://xenbits.xen.org/xsa/advisory-320.html”>https://xenbits.xen.org/xsa/advisory-320.html</a> (SRBDS) <a href=“https://xenbits.xen.org/xsa/advisory-305.html”>https://xenbits.xen.org/xsa/advisory-305.html</a> (TAA) <a href=“https://xenbits.xen.org/xsa/advisory-297.html”>https://xenbits.xen.org/xsa/advisory-297.html</a> (MDS)
Please see Intel’s whitepaper:
<a href=“https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html”>https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html</a>

IMPACT

An attacker might be able to directly read or infer data from other security contexts in the system. This can include data belonging to other VMs, or to Xen itself. The degree to which an attacker can obtain data depends on the CPU, and the system configuration.

VULNERABLE SYSTEMS

Systems running all versions of Xen are affected.
Only x86 processors are vulnerable. Processors from other manufacturers (e.g. ARM) are not believed to be vulnerable.
Only Intel based processors are affected. Processors from other x86 manufacturers (e.g. AMD) are not believed to be vulnerable.
Please consult the Intel Security Advisory for details on the affected processors and configurations.
Per Xen’s support statement, PCI passthrough should be to trusted domains because the overall system security depends on factors outside of Xen’s control.
As such, Xen, in a supported configuration, is not vulnerable to DRPW/SBDR.

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

23.2%