|
Message-Id: <E1gldRF-0008MM-VA@xenbits.xenproject.org> Date: Mon, 21 Jan 2019 17:32:45 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security-team-members@....org> Subject: Xen Security Advisory 289 v3 - Cache-load gadgets exploitable with L1TF -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-289 version 3 Cache-load gadgets exploitable with L1TF UPDATES IN VERSION 3 ==================== Rewrite text for technical accuracy. Previous references to Spectre v1 gadgets were not correct. In particular, the Xen Security Team is still unaware of any Spectre v1 gadgets in Xen. State that x86 PV guests cannot exploit the vulnerability. Mention use of xen-hptool, and xl global affinity masks, as possible mitigation approaches. ISSUE DESCRIPTION ================= Previously reported vulnerabilities CVE-2017-5753 / XSA-254 (Spectre V1) and CVE-2018-3646 / XSA-273 (L1TF) can, when combined, be leveraged to more easily gather leaked information. A Spectre v1 gadget is a speculation sequence which starts with a conditional branch, contains a memory load who's address is attacker-influenced, and a second action dependent on the content of the first memory load, which opens a sidechannel with the attacker. These gadgets are rare in code, and so far, none have been discovered in Xen. However, the first half of this gadget (i.e. to the first memory load) is a very common sequence to find in compiled C, and forms an arbitrary cache-load gadget. An attacker can combine cache-load gadgets like this to bring data into the cache on on hyperthread of a given CPU core, while L1TF is used on another hyperthread to read the cached data. A number of specific exploitable gadgets have been identified. There are no new vulnerabilities. There is only new information about existing vulnerabilities: specifically, confirmation that existing, previously disclosed, vulnerabilities, can be exploited in specific ways. (Previously, it was merely expected, and stated in XSA-254 and XSA-273, that such the vulnerabilities would be exploitable.) IMPACT ====== An attacker can potentially read arbitrary host RAM. This includes data belonging to Xen, data belonging to other guests, and data belonging to different security contexts within the same guest. An attacker could be a guest kernel (which can manipulate the pagetables directly), or could be guest userspace either directly (e.g. with mprotect() or similar system call) or indirectly (by gaming the guest kernel's paging subsystem). See XSA-254 and XSA-273 for more general information about the underlying vulnerabilities. VULNERABLE SYSTEMS ================== Systems running all versions of Xen are affected. Only x86 processors are vulnerable. ARM processors are not known to be affected. Only systems with Symmetric Multi Threading (SMT, aka hyperthreading) available and enabled are vulnerable. Only Intel Core based processors (from at least Merom onwards) are potentially affected. Other processor designs (Intel Atom/Knights range), and other manufacturers (AMD) are not known to be affected. Only x86 HVM or PVH guests can exploit the vulnerability. x86 PV guests cannot exploit the vulnerability. MITIGATION ========== As discussed in XSA-273, disabling SMT / hyperthreading will avoid the L1TF vulnerability. It will therefore prevent the use of the exploitable code patterns discussed in this advisory. Disabling SMT may be achieved via a BIOS option (preferred) or the "smt=0" hypervisor command line option, or at runtime using `xen-hptool`, or by using the xl global affinity masks. CREDITS ======= This issue was discovered by Norbert Manthey, Julian Stecklina, and Pawel Wieczorkiewicz of the Xen Security Team at Amazon. RESOLUTION ========== These are hardware bugs, so technically speaking they cannot be properly fixed in software. See XSA-273 and XSA-254 for a fuller discussion of the general situation, background, etc. TECHNICAL DETAILS ================= For the specific technical details of the now-known-explitable code patterns, please see the attached patches. These patches are intended by their authors to mitigate these vulnerabilities. In some form they are likely to be included in future Xen releases. We very much welcome this contribution to the Xen community's response to Spectre/L1TF. However: * These patches have not been validated by the Xen Project Security Team. Work is ongoing. * We expect that there may be other exploitable code patterns and gadgets, similar to but beyond those disclosed here. * Should further such exploitable code patterns be discovered, we will not necessarily issue a further advisory, or update this advisory. Instead, we would usually recommend that any improvements to reduce the exploitability be handled in public, in accordance with the public status of the underlying vulnerabilities XSA-273 and XSA-254. * We therefore do not recommend responding to this advisory by applying these patches. Instead, we recommend using hardware without this bug, or failing that, disabling hyperthreading (SMT) as discussed in XSA-273. $ sha256sum xsa289*/* fb58117afd3d69b2bc67001b759bcb8b27d5eddf14bb69596e01b5735a46fc83 xsa289/0000-Cover-Letter.txt 8051f6ac3f945d80368e745fff9568688a5f3ec3d34e88e1f965fe74853a60ac xsa289/0001-lfence-add-function-that-returns-int.patch bc0a26533d56fff11081661546c0b0c0bf3b216dc18b72944dfeef36adb254d4 xsa289/0002-is_hvm-pv_domain-block-speculation.patch ffb445c40064c65b167b5badbb73bf5e00689494a11269684a5e432c96bb5d74 xsa289/0003-is_control_domain-block-speculation.patch 2952ac3f46256a85670b18a3d100d2fc6429fa98bb07dd55abe7ee939f30cb3e xsa289/0004-x86-hvm-block-speculative-accesses.patch c73ceacd649ebc4bc054e6e181283c1c58e3bed3e1d1309e5780e5efbd85461a xsa289/0005-nospec-introduce-method-for-static-arrays.patch 52af8d264e770055d1e3937de0e2ebca408f2a7ec6b8d4fd67270594e2fa17e7 xsa289/0006-x86-hvm-block-speculative-out-of-bound-accesses.patch 6beb965c15b36cc81ba756202f046e5757f6c69b0983abd98e51710b03c9851b xsa289/0007-xen-evtchn-block-speculative-out-of-bound-accesses.patch e48aaee8cf62ee7fc5df9fd07e2b687e53a8e056001d4e6434525ac68346ee18 xsa289/0008-common-gant_table-block-speculative-out-of-bound-acc.patch 8f4fad87aff662901d848add571f5e3d0c08de444cc514391f6f4a133eff14b5 xsa289/0009-x86-hvm-emulate-block-speculative-out-of-bound-acces.patch 43e61e91318c44a56f954c058ce85616df46e5ca424fcad066e631c16add2956 xsa289/0010-x86-vioapic-block-speculative-out-of-bound-accesses.patch 394cdb4c7e15cc2cbaa383b724707a8a87f9e19f729561fd3cf02c3551003911 xsa289/0011-x86-hvm-hpet-block-speculative-out-of-bound-accesses.patch 54a3f85f887b9ce596b5908a62e3efff76c79502941b71fd520a4170299e21c0 xsa289/0012-common-memory-block-speculative-out-of-bound-accesse.patch e87a89f333873a3b96318adfdd5fde8317b3a2062e7f330fc5398e0e5eade213 xsa289/0013-x86-CPUID-block-speculative-out-of-bound-accesses.patch 94957ed06308e9af120373be6807fd3b044de8a35b7088c10c78b496596664f2 xsa289/detect-spectre-candidates.sh 8569b7be345e01365ea4ecdd22ed00b21343d4234d83f5ce4bb11191c918354e xsa289/sorted-gadgets.txt $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlxGAjMMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZ7MUH/RUVelZ4yX8+2V/fpU02toqDnc0GhxNWepxpcOJ4 ma8U0i1nAwCyAFUAsn5K/pLn4dldyt8P+YdO9oDxasTuDTXo/Ussn/i5JkzpIaWX dspy7lfOOduxEiqNLJ6VilAQs742sOUmQiVA6P+ZQUvMjaHtpT9qWBLaHD4C56TQ UaHl14Iog6RbWIFikAme57iEyQ4QlCI9lEvGEYLF9FTyezsZZp+RFsszmDGa7hWo UfHdKsxmC9RohRjM59nPjU7ZgUrTnbWkn4ShXLMZnDvj1MPtC9QxLXQgGIBST8ET FrXMRRdg1fcUk6m0FMHhPx83gs/eWz5He+4qC/QZhfZDTfw= =/mfS -----END PGP SIGNATURE----- Download attachment "xsa289/0000-Cover-Letter.txt" of type "application/octet-stream" (4098 bytes) Download attachment "xsa289/0001-lfence-add-function-that-returns-int.patch" of type "application/octet-stream" (1505 bytes) Download attachment "xsa289/0002-is_hvm-pv_domain-block-speculation.patch" of type "application/octet-stream" (1490 bytes) Download attachment "xsa289/0003-is_control_domain-block-speculation.patch" of type "application/octet-stream" (1504 bytes) Download attachment "xsa289/0004-x86-hvm-block-speculative-accesses.patch" of type "application/octet-stream" (1427 bytes) Download attachment "xsa289/0005-nospec-introduce-method-for-static-arrays.patch" of type "application/octet-stream" (1376 bytes) Download attachment "xsa289/0006-x86-hvm-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (3719 bytes) Download attachment "xsa289/0007-xen-evtchn-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (9143 bytes) Download attachment "xsa289/0008-common-gant_table-block-speculative-out-of-bound-acc.patch" of type "application/octet-stream" (3561 bytes) Download attachment "xsa289/0009-x86-hvm-emulate-block-speculative-out-of-bound-acces.patch" of type "application/octet-stream" (1887 bytes) Download attachment "xsa289/0010-x86-vioapic-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (4122 bytes) Download attachment "xsa289/0011-x86-hvm-hpet-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (3102 bytes) Download attachment "xsa289/0012-common-memory-block-speculative-out-of-bound-accesse.patch" of type "application/octet-stream" (1746 bytes) Download attachment "xsa289/0013-x86-CPUID-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (1500 bytes) Download attachment "xsa289/detect-spectre-candidates.sh" of type "application/octet-stream" (3193 bytes) Download attachment "xsa289/sorted-gadgets.txt" of type "application/octet-stream" (68537 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.