Information

AdvisoryXSA-398
Public release 2022-03-08 18:12
Updated 2022-03-18 14:39
Version 2
CVE(s) none (yet) assigned
Title Multiple speculative security issues

Files

advisory-398.txt (signed advisory file)
xsa398.meta
xsa398/xsa398-1-xen-arm-Introduce-new-Arm-processors.patch
xsa398/xsa398-2-xen-arm-move-errata-CSV2-check-earlier.patch
xsa398/xsa398-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
xsa398/xsa398-4.12-1-xen-arm-Introduce-new-Arm-processors.patch
xsa398/xsa398-4.12-2-xen-arm-move-errata-CSV2-check-earlier.patch
xsa398/xsa398-4.12-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
xsa398/xsa398-4.12-4-xen-arm-Add-Spectre-BHB-handling.patch
xsa398/xsa398-4.12-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
xsa398/xsa398-4.12-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
xsa398/xsa398-4.13-1-xen-arm-Introduce-new-Arm-processors.patch
xsa398/xsa398-4.13-2-xen-arm-move-errata-CSV2-check-earlier.patch
xsa398/xsa398-4.13-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
xsa398/xsa398-4.13-4-xen-arm-Add-Spectre-BHB-handling.patch
xsa398/xsa398-4.13-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
xsa398/xsa398-4.13-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
xsa398/xsa398-4.14-1-xen-arm-Introduce-new-Arm-processors.patch
xsa398/xsa398-4.14-2-xen-arm-move-errata-CSV2-check-earlier.patch
xsa398/xsa398-4.14-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
xsa398/xsa398-4.14-4-xen-arm-Add-Spectre-BHB-handling.patch
xsa398/xsa398-4.14-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
xsa398/xsa398-4.14-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
xsa398/xsa398-4.15-1-xen-arm-Introduce-new-Arm-processors.patch
xsa398/xsa398-4.15-2-xen-arm-move-errata-CSV2-check-earlier.patch
xsa398/xsa398-4.15-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
xsa398/xsa398-4.15-4-xen-arm-Add-Spectre-BHB-handling.patch
xsa398/xsa398-4.15-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
xsa398/xsa398-4.15-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
xsa398/xsa398-4.16-1-xen-arm-Introduce-new-Arm-processors.patch
xsa398/xsa398-4.16-2-xen-arm-move-errata-CSV2-check-earlier.patch
xsa398/xsa398-4.16-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
xsa398/xsa398-4.16-4-xen-arm-Add-Spectre-BHB-handling.patch
xsa398/xsa398-4.16-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
xsa398/xsa398-4.16-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
xsa398/xsa398-4-xen-arm-Add-Spectre-BHB-handling.patch
xsa398/xsa398-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
xsa398/xsa398-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch

Advisory


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                    Xen Security Advisory XSA-398
                              version 2

                  Multiple speculative security issues

UPDATES IN VERSION 2
====================

 * Provide more specific ARM URL
 * Provide additional link to the Intel technical whitepaper

ISSUE DESCRIPTION
=================

Note: Multiple issues are contained in this XSA due to their interactions.

1) Researchers at VU Amsterdam have discovered Spectre-BHB, pertaining
   to the use of Branch History between privilege levels.

   ARM have assigned CVE-2022-23960.  Intel have assigned CVE-2022-0001
   (Branch History Injection) and CVE-2022-0002 (Intra-mode BTI).  AMD
   have no statement at the time of writing.

   For more details, see:
     https://vusec.net/projects/bhi-spectre-bhb
     https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
     https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
     https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html

2) Researchers at Open Source Security, Inc. have discovered that AMD
   CPUs may speculate beyond direct branches.

   AMD have assigned CVE-2021-26341.

   For more details, see:
     https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
     https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026

3) Researchers at Intel have discovered that previous Spectre-v2
   recommendations of using lfence/jmp is incomplete.

   AMD have assigned CVE-2021-26401.

   For more details, see:
     https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036

IMPACT
======

An attacker might be able to infer the contents of arbitrary host
memory, including memory assigned to other guests.

VULNERABLE SYSTEMS
==================

Systems running all versions of Xen are affected.

Whether a CPU is potentially vulnerable depends on its
microarchitecture.  Consult your hardware vendor.

Xen does not have a managed runtime environment, so is not believed to
be vulnerable to CVE-2022-0002 irrespective of any hardware
susceptibility.

Xen does not have any known gadgets vulnerable to Direct Branch Straight
Line Speculation.  Therefore, no changes for CVE-2021-26341 are being
provided at this time.

The AMD BTI (Spectre v2) protections do not depend on isolating
predictions between different privileges, so the fact that Branch
History is shared (just like the Branch Target Buffer) is not believed
to be relevant to existing mitigations.  Therefore, there is no believed
impact from Spectre-BHB on AMD hardware.

Patches to mitigate CVE-2022-23960 on affected ARM CPUs are provided.

Intel have recommended not making any changes by default for
CVE-2022-0001.  Existing Spectre-v2 mitigations on pre-eIBRS hardware
are believed to be sufficient.  On eIBRS capable hardware, there is
uncertainty over the utility of Branch History Injection to an
adversary.  However, the risk can be removed by using eIBRS in
combination with retpoline.

For CVE-2021-26401, AMD have recommended using retpoline in preference
to lfence/jmp as previously recommended to mitigate Spectre-v2.  This
recommendation also mitigates any risk from Branch History Injection.

For both CVE-2022-0001 on Intel, and CVE-2021-26401 on AMD, the
suggestion to use retpoline is incompatible with CET Shadow Stacks as
implemented in Xen 4.14 and later.  The security team has decided that
disabling CET Shadow Stacks to work around speculation problems is not a
reasonable option for downstreams and end users.

Therefore, patches are also provided to:
 * Use IBRS on capable AMD hardware.  This also mitigates
   CVE-2021-26401.
 * Use CET Indirect Branch Tracking on capable Intel hardware.  CET-IBT
   has architectural guarantees about halting speculation, on top of
   being a hardware mechanism to protect against Call/Jump Oriented
   Programming attacks.

Both provide CET Shadow Stack compatible mitigations to these issues.  A
practical consequence of this decision is that CET Shadow Stacks are now
considered security supported, upgraded from Tech Preview previously.

Note: CET-IBT patches are incomplete and will be backported at a later date.

MITIGATION
==========

On AMD systems, CVE-2021-26401 can be mitigated by specifying:

 With CET-SS,    `spec-ctrl=bti-thunk=jmp,ibrs`
 Without CET-SS, `spec-ctrl=bti-thunk=retpoline`

on Xen's command line, and rebooting.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa398/xsa398-?-*.patch         xen-unstable
xsa398/xsa398-4.16-*.patch      Xen 4.16.x
xsa398/xsa398-4.15-*.patch      Xen 4.15.x
xsa398/xsa398-4.14-*.patch      Xen 4.14.x
xsa398/xsa398-4.13-*.patch      Xen 4.13.x
xsa398/xsa398-4.12-*.patch      Xen 4.12.x

$ sha256sum xsa398* xsa398*/*
9219c48d103a7eeda0fa9cbb5fc5b2265713589e29a9a483d0f3fb6523859903  xsa398.meta
32e7a7627609de2273fe474979e339f6a578cbcf7ce007b6a047954a31aec135  xsa398/xsa398-1-xen-arm-Introduce-new-Arm-processors.patch
ef701fd64cfdd838299391cd736749db70ac3b18251d17768d42f4a610dda1be  xsa398/xsa398-2-xen-arm-move-errata-CSV2-check-earlier.patch
4d574bc40555f068608a595ade23ecdc224f8c0af86f447cba6e765d4ccde3ad  xsa398/xsa398-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
29a2880ab4fa492deecd2f3dc590609d0df5e9210565ab4121be0d731c4140b0  xsa398/xsa398-4.12-1-xen-arm-Introduce-new-Arm-processors.patch
b81eb6a0f8ecde53318eeff1ec8bf1b3fd5f1b211a499317f6c596e831a90101  xsa398/xsa398-4.12-2-xen-arm-move-errata-CSV2-check-earlier.patch
a9f5adc44eeeaf5a694f94c91a32e714c765bbcf61066a03e3c52d79d28a3366  xsa398/xsa398-4.12-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
e70d4c06f789c8f5f45c7e27289f8c7aa4c448a6e33f67fb113630ed79382fd9  xsa398/xsa398-4.12-4-xen-arm-Add-Spectre-BHB-handling.patch
6766c0b0d89f3be90046c05358e8b7c43c87b3e1012118af013faa098e783e74  xsa398/xsa398-4.12-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
fd047878fd53e130cd7d8cfd1d50334a958e7e962606afaacd5aa1da186f6341  xsa398/xsa398-4.12-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
1ef4fae89d2bc75e33eb6c8e5f55d0b6f5ba45a274f6d3b5ea7e2eef4c08ad63  xsa398/xsa398-4.13-1-xen-arm-Introduce-new-Arm-processors.patch
b0c25a34055dd5401dff1686f4f7ab978c6a449a76aa0e1b369f483fa184851a  xsa398/xsa398-4.13-2-xen-arm-move-errata-CSV2-check-earlier.patch
c6ffa2818480740dc30e232215531ab69c252e564df365c466e759886b207450  xsa398/xsa398-4.13-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
a272621b1f03b2096a41d675b3ed46ff2c737cd2afcb3e2156a7ec2f8c31748b  xsa398/xsa398-4.13-4-xen-arm-Add-Spectre-BHB-handling.patch
8df9f4d3e7bd154246ebe7cd1bc0908ead1076aa35c0a183cd95359aa2173ad0  xsa398/xsa398-4.13-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
02c3a3c45bf3c2592bbc809ce4a8eb24d0b9d31856e9641d5566af68ebf2b476  xsa398/xsa398-4.13-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
59edd0b8303a39451893d425b8e7ab8aeacf3e6d0bf460ba66a3a323dc0e3145  xsa398/xsa398-4.14-1-xen-arm-Introduce-new-Arm-processors.patch
60bd3003759404b60fd8a7dcf0de87a13463bf64c3724f8fe6570e07c515cecb  xsa398/xsa398-4.14-2-xen-arm-move-errata-CSV2-check-earlier.patch
138511c69d00ef1dc0dfe5432af06d744e7b66945bada78024e343943fc001f2  xsa398/xsa398-4.14-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
9c1b338511422629c98f11c42da27b1cd82435decc0531bca6b8a51218909101  xsa398/xsa398-4.14-4-xen-arm-Add-Spectre-BHB-handling.patch
1a212de641ac1cebfc1aee32c55e9f8bfac6b059f5419ed62589eed99cc0dea5  xsa398/xsa398-4.14-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
da382a5baee60ecdf8b4cb0da2c1901b23f324b03dbbe33018fb825e70f78446  xsa398/xsa398-4.14-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
296e5fdd53328e768908a4e790959841264a410548b4f52f7ccdcf793e9aca7a  xsa398/xsa398-4.15-1-xen-arm-Introduce-new-Arm-processors.patch
4498957a1f91c69e2a72cfcfb88804537ee0c05f05fa5d898f452a4dc8205f9e  xsa398/xsa398-4.15-2-xen-arm-move-errata-CSV2-check-earlier.patch
2f2b9ec3945283e48486cfd32d5b4343892040d48adc105a89e15953a128df3d  xsa398/xsa398-4.15-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
6d0ade4dfb59fc87c7ae22e4faa333fb5ccef5ecc595de58ef9bcf35f4e3eb26  xsa398/xsa398-4.15-4-xen-arm-Add-Spectre-BHB-handling.patch
77a0a93cd9617c8f0ec0bab1b79f6ed60cab20f5b6ea76a9b6158c4d3a1d0d89  xsa398/xsa398-4.15-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
7df5b320c5887c72c8ed4ffe5b4bcdce9263fde76fe6a67e0876933f8d1ebcff  xsa398/xsa398-4.15-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
92bdba8102f88a2c9d71b46df4db43176fbf0082f9d438101407dbb7e6d458c6  xsa398/xsa398-4.16-1-xen-arm-Introduce-new-Arm-processors.patch
0c9a6fbebc13a0dee288d67a94562fd76e3c6aec20b543c66ac2c16a812973ee  xsa398/xsa398-4.16-2-xen-arm-move-errata-CSV2-check-earlier.patch
4f084857ed79af49d2814c02ff6e090a14d77bb0f0d29ac6ddce3576fdb98c68  xsa398/xsa398-4.16-3-xen-arm-Add-ECBHB-and-CLEARBHB-ID-fields.patch
8032757effe8dbc5ef8479403461e604b1520f007489620eace3857b467a4fe2  xsa398/xsa398-4.16-4-xen-arm-Add-Spectre-BHB-handling.patch
3763998bb62d9b251b9358edff220fd22847729768c98dbd46362c290041025b  xsa398/xsa398-4.16-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
114f07da2d79f45e0fa45c826c308b273e8c29b6d458bac10fe1aa231a3c2748  xsa398/xsa398-4.16-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
1bedca674ecee5437e492e2f71275cd32e799d839d26a8f0d75ddee44db2e4d2  xsa398/xsa398-4-xen-arm-Add-Spectre-BHB-handling.patch
6d63089af3eca863599bbe20e26f1f12d2d9c9b637317e7af44fc59750b09f77  xsa398/xsa398-5-xen-arm-Allow-to-discover-and-use-SMCCC_ARCH_WORKARO.patch
f79e357079744bbee3e1f7d99d93196e925739297a16fdd8bc1cc86d3b846ce3  xsa398/xsa398-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch
$
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmI0maAMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZ/kMIAKi717qEq8DKT4tIzIUzSdK1TuZacTC1ab9MI6Ch
LNK/+ra8TYB/o773nF7WXAHJLQkl8qoRG2zZMRPaKTSMjRQaj2J96/8Jk/Th2Ocu
jb4n1XjJ72BJNwGgegjsPqJvKnv4HWT/pNnHciYKSHB0tPSoOvySlNZAhvTXIM7a
aOekPV+cYVrBRM3JEIvcdaPJBpJHil1erkIlaDQy4tUHzYgHzvE/SQ/lEMFCzEsD
Bd70bTxmojn11Z6TcNPdMv2TPNQcuQvVrzJh0EhKqfGwO6bGbI5jffWs7NIPQ7PU
2OBSYYKa2kv0u1/5XxykqgXrdE34VV8gYXhDUKMvWFGe6d0=
=xHd2
-----END PGP SIGNATURE-----


Xenproject.org Security Team