[XSA-452] x86: Register File Data Sampling
ISSUE DESCRIPTION
Intel have disclosed RFDS, Register File Data Sampling, affecting some
Atom cores.
This came from internal validation work. There is no information
provided about how an attacker might go about inferring data from the
register files.
For more details, see:
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
IMPACT
An attacker might be able to infer the contents of data held previously
in floating point, vector and/or integer register files on the same
logical processor, including data from a more privileged context.
Note: None of the vulnerable processors support HyperThreading, so there
is no instantaneous exposure of data from other threads.
VULNERABLE SYSTEMS
Systems running all versions of Xen are affected.
RFDS is only known to affect certain Atom processors from Intel. Other
Intel CPUs, and CPUs from other hardware vendors are not known to be
affected.
RFDS affects Atom processors between the Goldmont and Gracemont
microarchitectures. This includes Alder Lake and Raptor Lake hybrid
client systems which have a mix of Gracemont and other types of cores.
| Package | Affected Version |
|---|---|
 pkg:generic/xen
|
= 4.15.x |
|
pkg:generic/xen
|
= 4.16.x |
|
pkg:generic/xen
|
= 4.17.x |
|
pkg:generic/xen
|
= 4.18.x |
- ID
- XSA-452
- Severity
- medium
- Severity from
- CVE-2023-28746
- URL
- http://xenbits.xen.org/xsa/advisory-452.html
- Published
-
2024-03-12T16:44:00
(6 months ago) - Modified
-
2024-03-12T16:44:00
(6 months ago) - Rights
- Xen Project
- Other Advisories
-
-
ALPINE:CVE-2023-28746
-
ALSA-2024:5101
-
DSA-5681-1
-
ELSA-2024-5101
-
FEDORA-2024-29f57f1b4e
-
FEDORA-2024-3a36322c4b
-
FEDORA-2024-96f3c3f3d3
-
FEDORA-2024-9e9f53d01d
-
FEDORA-2024-f3692f8528
-
FREEBSD:B6DD9D93-E09B-11EE-92FC-1C697A616631
-
MS:CVE-2023-28746
-
RHSA-2024:5101
-
RLSA-2024:5101
-
SUSE-SU-2024:0856-1
-
SUSE-SU-2024:0857-1
-
SUSE-SU-2024:0858-1
-
SUSE-SU-2024:0900-1
-
SUSE-SU-2024:0900-2
-
SUSE-SU-2024:0910-1
-
SUSE-SU-2024:0917-1
-
SUSE-SU-2024:0925-1
-
SUSE-SU-2024:0926-1
-
SUSE-SU-2024:0975-1
-
SUSE-SU-2024:0976-1
-
SUSE-SU-2024:0977-1
-
SUSE-SU-2024:1101-1
-
SUSE-SU-2024:1102-1
-
SUSE-SU-2024:1105-1
-
SUSE-SU-2024:1139-1
-
SUSE-SU-2024:1152-1
-
SUSE-SU-2024:1321-1
-
SUSE-SU-2024:1322-1
-
SUSE-SU-2024:1454-1
-
SUSE-SU-2024:1466-1
-
SUSE-SU-2024:1480-1
-
SUSE-SU-2024:1489-1
-
SUSE-SU-2024:1490-1
-
SUSE-SU-2024:1643-1
-
SUSE-SU-2024:1648-1
-
SUSE-SU-2024:1669-1
-
SUSE-SU-2024:1870-1
-
SUSE-SU-2024:2535-1
-
USN-6797-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Xen Project | XSA-452 | Security Advisory |
|
| Xen Project | XSA-452 | Signed Security Advisory |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:generic/xen | xen | = 4.15.x | ||||
| Affected | pkg:generic/xen | xen | = 4.16.x | ||||
| Affected | pkg:generic/xen | xen | = 4.17.x | ||||
| Affected | pkg:generic/xen | xen | = 4.18.x |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |