[XSA-263] Speculative Store Bypass
ISSUE DESCRIPTION
Contemporary high performance processors may use a technique commonly
known as Memory Disambiguation, whereby speculative execution may
proceed past unresolved stores. This opens a speculative sidechannel in
which loads from an address which has had a recent store can observe
and operate on the older, stale, value.
For more details, see:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.amd.com/securityupdates
IMPACT
An attacker who can locate or create a suitable code gadget in a
different privilege context may be able to infer the content of
arbitrary memory accessible to that other privilege context.
At the time of writing, there are no known vulnerable gadgets in the
compiled hypervisor code. Xen has no interfaces which allow JIT code
to be provided. Therefore we believe that the hypervisor itself is
not vulnerable. Additionally, we do not think there is a viable
information leak by one Xen guest against another non-cooperating
guest.
However, in most configurations, within-guest information leak is
possible. Mitigation for this generally depends on guest changes (for
which you must consult your OS vendor) and on hypervisor support,
provided in this advisory.
VULNERABLE SYSTEMS
Systems running all versions of Xen are affected.
Processors from all vendors are affected to different extents.
Further communication will be made for Arm. See
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
for more details.
Package | Affected Version |
---|---|
pkg:generic/xen | = 4.6.x |
pkg:generic/xen | = 4.7.x |
pkg:generic/xen | = 4.8.x |
pkg:generic/xen | = 4.9.x |
pkg:generic/xen | = 4.10.x |
- ID: XSA-263
- Severity: medium
- Severity from: CVE-2018-3639
- URL: http://xenbits.xen.org/xsa/advisory-263.html
- Published: 2018-05-21T16:52:00
- Modified: 2018-05-21T16:52:00
- Rights: Xen Project
- Other Advisories:
- ALAS-2018-1034
- ALAS-2018-1037
- ALAS-2018-1038
- ALAS-2018-1039
- ALAS2-2018-1033
- ALAS2-2018-1034
- ALAS2-2018-1037
- ALAS2-2018-1038
- ALAS2-2018-1039
- ALAS2-2018-1049
- ALPINE:CVE-2018-3639
- CISCO-SA-20180521-CPUSIDECHANNEL
- DSA-4210-1
- DSA-4273-1
- DSA-4273-2
- ELSA-2018-1629
- ELSA-2018-1632
- ELSA-2018-1633
- ELSA-2018-1647
- ELSA-2018-1648
- ELSA-2018-1649
- ELSA-2018-1650
- ELSA-2018-1651
- ELSA-2018-1660
- ELSA-2018-1669
- ELSA-2018-1854
- ELSA-2018-1965
- ELSA-2018-1997
- ELSA-2018-2001
- ELSA-2018-2162
- ELSA-2018-2164
- ELSA-2018-4114
- ELSA-2018-4126
- ELSA-2018-4198
- ELSA-2018-4235
- ELSA-2018-4285
- ELSA-2018-4289
- ELSA-2019-4531
- ELSA-2019-4585
- FEDORA-2018-0edb45d9db
- FEDORA-2018-1621b2204a
- FEDORA-2018-1a467757ce
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-2a0f8b2c9d
- FEDORA-2018-2b053454a4
- FEDORA-2018-2c6bd93875
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-2f6df9abfb
- FEDORA-2018-3857a8b41a
- FEDORA-2018-44f8a7454d
- FEDORA-2018-49bda79bd5
- FEDORA-2018-50075276e8
- FEDORA-2018-527698a904
- FEDORA-2018-537c8312fc
- FEDORA-2018-5521156807
- FEDORA-2018-59e4747e0f
- FEDORA-2018-6367a17aa3
- FEDORA-2018-683dfde81a
- FEDORA-2018-6c1be5e1c8
- FEDORA-2018-6e8c330d50
- FEDORA-2018-73dd8de892
- FEDORA-2018-74fb8b257b
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-8422d94975
- FEDORA-2018-8484550fff
- FEDORA-2018-915602df63
- FEDORA-2018-93af520878
- FEDORA-2018-93c2e74446
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9d0e4e40b5
- FEDORA-2018-9f02e5ed7b
- FEDORA-2018-9f4381d8c4
- FEDORA-2018-a0914af224
- FEDORA-2018-a7862a75f5
- FEDORA-2018-aec846c0ef
- FEDORA-2018-b57db4753c
- FEDORA-2018-b68776e5b0
- FEDORA-2018-b997780dca
- FEDORA-2018-bb7aab12cb
- FEDORA-2018-c0a1284064
- FEDORA-2018-c449dc1c9c
- FEDORA-2018-ca0e10fc6e
- FEDORA-2018-cc812838fb
- FEDORA-2018-d3cb6f113c
- FEDORA-2018-d77cc41f35
- FEDORA-2018-d82a45d9ab
- FEDORA-2018-d92fde52d7
- FEDORA-2018-db0d3e157e
- FEDORA-2018-ddbaca855e
- FEDORA-2018-e820fccd83
- FEDORA-2018-e8f793bbfc
- FEDORA-2018-f1b818a5c9
- FEDORA-2018-f20a0cead5
- FEDORA-2018-f8cba144ae
- FEDORA-2018-fe24359b69
- FEDORA-2019-16de0047d4
- FEDORA-2019-196ab64d65
- FEDORA-2019-1b986880ea
- FEDORA-2019-20a89ca9af
- FEDORA-2019-337484d88b
- FEDORA-2019-3854a1727e
- FEDORA-2019-3da64f3e61
- FEDORA-2019-3f9a71578d
- FEDORA-2019-4002b91800
- FEDORA-2019-509c133845
- FEDORA-2019-65c6d11eba
- FEDORA-2019-6e146a714c
- FEDORA-2019-7d3500d712
- FEDORA-2019-8f2b27efce
- FEDORA-2019-a6cd583a8d
- FEDORA-2019-a87aba290f
- FEDORA-2019-bce6498890
- FEDORA-2019-c36afa818c
- FEDORA-2019-c701e6605a
- FEDORA-2019-ce2933b003
- FEDORA-2019-ec644ec323
- openSUSE-SU-2019:1438-1
- openSUSE-SU-2020:1325-1
- RHSA-2018:1629
- RHSA-2018:1630
- RHSA-2018:1632
- RHSA-2018:1633
- RHSA-2018:1647
- RHSA-2018:1648
- RHSA-2018:1649
- RHSA-2018:1650
- RHSA-2018:1651
- RHSA-2018:1660
- RHSA-2018:1669
- RHSA-2018:1854
- RHSA-2018:1965
- RHSA-2018:1997
- RHSA-2018:2001
- RHSA-2018:2003
- RHSA-2018:2162
- RHSA-2018:2164
- SSA:2018-208-01
- SUSE-SU-2018:1362-1
- SUSE-SU-2018:1362-2
- SUSE-SU-2018:1363-1
- SUSE-SU-2018:1366-1
- SUSE-SU-2018:1368-1
- SUSE-SU-2018:1374-1
- SUSE-SU-2018:1375-1
- SUSE-SU-2018:1376-1
- SUSE-SU-2018:1377-1
- SUSE-SU-2018:1377-2
- SUSE-SU-2018:1378-1
- SUSE-SU-2018:1386-1
- SUSE-SU-2018:1389-1
- SUSE-SU-2018:1452-1
- SUSE-SU-2018:1456-1
- SUSE-SU-2018:1475-1
- SUSE-SU-2018:1479-1
- SUSE-SU-2018:1582-1
- SUSE-SU-2018:1603-1
- SUSE-SU-2018:1614-1
- SUSE-SU-2018:1614-2
- SUSE-SU-2018:1658-1
- SUSE-SU-2018:1699-1
- SUSE-SU-2018:1699-2
- SUSE-SU-2018:1816-1
- SUSE-SU-2018:1846-1
- SUSE-SU-2018:1926-1
- SUSE-SU-2018:1935-1
- SUSE-SU-2018:1935-2
- SUSE-SU-2018:2076-1
- SUSE-SU-2018:2082-1
- SUSE-SU-2018:2092-1
- SUSE-SU-2018:2141-1
- SUSE-SU-2018:2304-1
- SUSE-SU-2018:2331-1
- SUSE-SU-2018:2331-2
- SUSE-SU-2018:2335-1
- SUSE-SU-2018:2338-1
- SUSE-SU-2018:2340-1
- SUSE-SU-2018:2528-1
- SUSE-SU-2018:2556-1
- SUSE-SU-2018:2565-1
- SUSE-SU-2018:2615-1
- SUSE-SU-2018:2650-1
- SUSE-SU-2018:2973-1
- SUSE-SU-2018:2973-2
- SUSE-SU-2018:3064-1
- SUSE-SU-2018:3064-2
- SUSE-SU-2018:3064-3
- SUSE-SU-2018:3555-1
- SUSE-SU-2019:0049-1
- SUSE-SU-2019:0049-2
- SUSE-SU-2019:0148-1
- SUSE-SU-2019:1211-1
- SUSE-SU-2019:1211-2
- SUSE-SU-2019:1219-1
- SUSE-SU-2019:2028-1
- SUSE-SU-2020:2540-1
- SUSE-SU-2020:2605-1
- SUSE-SU-2021:3007-1
- SUSE-SU-2021:3969-1
- SUSE-SU-2023:3324-1
- SUSE-SU-2023:3333-1
- SUSE-SU-2023:3349-1
- USN-3651-1
- USN-3652-1
- USN-3653-1
- USN-3653-2
- USN-3654-1
- USN-3654-2
- USN-3655-1
- USN-3655-2
- USN-3679-1
- USN-3680-1
- USN-3756-1
- USN-3777-3
- VU:180049
Source | # ID | Name | URL |
---|---|---|---|
Xen Project | XSA-263 | Security Advisory | http://xenbits.xen.org/xsa/advisory-263.html |
Xen Project | XSA-263 | Signed Security Advisory | http://xenbits.xen.org/xsa/advisory-263.txt |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:generic/xen | | xen | = 4.6.x | | | |
Affected | pkg:generic/xen | | xen | = 4.7.x | | | |
Affected | pkg:generic/xen | | xen | = 4.8.x | | | |
Affected | pkg:generic/xen | | xen | = 4.9.x | | | |
Affected | pkg:generic/xen | | xen | = 4.10.x | | | |