Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 21 Jan 2019 17:32:45 +0000
From: security team <>
CC: security team <>
Subject: Xen Security Advisory 289 v3 - Cache-load gadgets exploitable
 with L1TF

Hash: SHA256

                    Xen Security Advisory XSA-289
                              version 3

               Cache-load gadgets exploitable with L1TF


Rewrite text for technical accuracy.  Previous references to Spectre v1
gadgets were not correct.  In particular, the Xen Security Team is still
unaware of any Spectre v1 gadgets in Xen.

State that x86 PV guests cannot exploit the vulnerability.

Mention use of xen-hptool, and xl global affinity masks, as possible
mitigation approaches.


Previously reported vulnerabilities CVE-2017-5753 / XSA-254 (Spectre V1)
and CVE-2018-3646 / XSA-273 (L1TF) can, when combined, be leveraged to
more easily gather leaked information.

A Spectre v1 gadget is a speculation sequence which starts with a
conditional branch, contains a memory load who's address is
attacker-influenced, and a second action dependent on the content of the
first memory load, which opens a sidechannel with the attacker.

These gadgets are rare in code, and so far, none have been discovered in
Xen.  However, the first half of this gadget (i.e. to the first memory
load) is a very common sequence to find in compiled C, and forms an
arbitrary cache-load gadget.

An attacker can combine cache-load gadgets like this to bring data into
the cache on on hyperthread of a given CPU core, while L1TF is used on
another hyperthread to read the cached data.

A number of specific exploitable gadgets have been identified.

There are no new vulnerabilities.  There is only new information about
existing vulnerabilities: specifically, confirmation that existing,
previously disclosed, vulnerabilities, can be exploited in specific
ways.  (Previously, it was merely expected, and stated in XSA-254 and
XSA-273, that such the vulnerabilities would be exploitable.)


An attacker can potentially read arbitrary host RAM.  This includes data
belonging to Xen, data belonging to other guests, and data belonging to
different security contexts within the same guest.

An attacker could be a guest kernel (which can manipulate the pagetables
directly), or could be guest userspace either directly (e.g. with
mprotect() or similar system call) or indirectly (by gaming the guest
kernel's paging subsystem).

See XSA-254 and XSA-273 for more general information about the
underlying vulnerabilities.


Systems running all versions of Xen are affected.

Only x86 processors are vulnerable.  ARM processors are not known to be

Only systems with Symmetric Multi Threading (SMT, aka hyperthreading)
available and enabled are vulnerable.

Only Intel Core based processors (from at least Merom onwards) are
potentially affected.  Other processor designs (Intel Atom/Knights
range), and other manufacturers (AMD) are not known to be affected.

Only x86 HVM or PVH guests can exploit the vulnerability.  x86 PV guests
cannot exploit the vulnerability.


As discussed in XSA-273, disabling SMT / hyperthreading will avoid the
L1TF vulnerability.  It will therefore prevent the use of the
exploitable code patterns discussed in this advisory.  Disabling SMT
may be achieved via a BIOS option (preferred) or the "smt=0"
hypervisor command line option, or at runtime using `xen-hptool`, or by
using the xl global affinity masks.


This issue was discovered by Norbert Manthey, Julian Stecklina, and
Pawel Wieczorkiewicz of the Xen Security Team at Amazon.


These are hardware bugs, so technically speaking they cannot be
properly fixed in software.

See XSA-273 and XSA-254 for a fuller discussion of the general
situation, background, etc.


For the specific technical details of the now-known-explitable code
patterns, please see the attached patches.

These patches are intended by their authors to mitigate these
vulnerabilities.  In some form they are likely to be included in
future Xen releases.  We very much welcome this contribution to the
Xen community's response to Spectre/L1TF.


 * These patches have not been validated by the Xen Project
   Security Team.  Work is ongoing.

 * We expect that there may be other exploitable code patterns and
   gadgets, similar to but beyond those disclosed here.

 * Should further such exploitable code patterns be discovered, we
   will not necessarily issue a further advisory, or update this
   advisory.  Instead, we would usually recommend that any
   improvements to reduce the exploitability be handled in public, in
   accordance with the public status of the underlying vulnerabilities
   XSA-273 and XSA-254.

 * We therefore do not recommend responding to this advisory by
   applying these patches.  Instead, we recommend using hardware
   without this bug, or failing that, disabling hyperthreading (SMT)
   as discussed in XSA-273.

$ sha256sum xsa289*/*
fb58117afd3d69b2bc67001b759bcb8b27d5eddf14bb69596e01b5735a46fc83  xsa289/0000-Cover-Letter.txt
8051f6ac3f945d80368e745fff9568688a5f3ec3d34e88e1f965fe74853a60ac  xsa289/0001-lfence-add-function-that-returns-int.patch
bc0a26533d56fff11081661546c0b0c0bf3b216dc18b72944dfeef36adb254d4  xsa289/0002-is_hvm-pv_domain-block-speculation.patch
ffb445c40064c65b167b5badbb73bf5e00689494a11269684a5e432c96bb5d74  xsa289/0003-is_control_domain-block-speculation.patch
2952ac3f46256a85670b18a3d100d2fc6429fa98bb07dd55abe7ee939f30cb3e  xsa289/0004-x86-hvm-block-speculative-accesses.patch
c73ceacd649ebc4bc054e6e181283c1c58e3bed3e1d1309e5780e5efbd85461a  xsa289/0005-nospec-introduce-method-for-static-arrays.patch
52af8d264e770055d1e3937de0e2ebca408f2a7ec6b8d4fd67270594e2fa17e7  xsa289/0006-x86-hvm-block-speculative-out-of-bound-accesses.patch
6beb965c15b36cc81ba756202f046e5757f6c69b0983abd98e51710b03c9851b  xsa289/0007-xen-evtchn-block-speculative-out-of-bound-accesses.patch
e48aaee8cf62ee7fc5df9fd07e2b687e53a8e056001d4e6434525ac68346ee18  xsa289/0008-common-gant_table-block-speculative-out-of-bound-acc.patch
8f4fad87aff662901d848add571f5e3d0c08de444cc514391f6f4a133eff14b5  xsa289/0009-x86-hvm-emulate-block-speculative-out-of-bound-acces.patch
43e61e91318c44a56f954c058ce85616df46e5ca424fcad066e631c16add2956  xsa289/0010-x86-vioapic-block-speculative-out-of-bound-accesses.patch
394cdb4c7e15cc2cbaa383b724707a8a87f9e19f729561fd3cf02c3551003911  xsa289/0011-x86-hvm-hpet-block-speculative-out-of-bound-accesses.patch
54a3f85f887b9ce596b5908a62e3efff76c79502941b71fd520a4170299e21c0  xsa289/0012-common-memory-block-speculative-out-of-bound-accesse.patch
e87a89f333873a3b96318adfdd5fde8317b3a2062e7f330fc5398e0e5eade213  xsa289/0013-x86-CPUID-block-speculative-out-of-bound-accesses.patch
94957ed06308e9af120373be6807fd3b044de8a35b7088c10c78b496596664f2  xsa289/
8569b7be345e01365ea4ecdd22ed00b21343d4234d83f5ce4bb11191c918354e  xsa289/sorted-gadgets.txt


Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:


Download attachment "xsa289/0000-Cover-Letter.txt" of type "application/octet-stream" (4098 bytes)

Download attachment "xsa289/0001-lfence-add-function-that-returns-int.patch" of type "application/octet-stream" (1505 bytes)

Download attachment "xsa289/0002-is_hvm-pv_domain-block-speculation.patch" of type "application/octet-stream" (1490 bytes)

Download attachment "xsa289/0003-is_control_domain-block-speculation.patch" of type "application/octet-stream" (1504 bytes)

Download attachment "xsa289/0004-x86-hvm-block-speculative-accesses.patch" of type "application/octet-stream" (1427 bytes)

Download attachment "xsa289/0005-nospec-introduce-method-for-static-arrays.patch" of type "application/octet-stream" (1376 bytes)

Download attachment "xsa289/0006-x86-hvm-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (3719 bytes)

Download attachment "xsa289/0007-xen-evtchn-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (9143 bytes)

Download attachment "xsa289/0008-common-gant_table-block-speculative-out-of-bound-acc.patch" of type "application/octet-stream" (3561 bytes)

Download attachment "xsa289/0009-x86-hvm-emulate-block-speculative-out-of-bound-acces.patch" of type "application/octet-stream" (1887 bytes)

Download attachment "xsa289/0010-x86-vioapic-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (4122 bytes)

Download attachment "xsa289/0011-x86-hvm-hpet-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (3102 bytes)

Download attachment "xsa289/0012-common-memory-block-speculative-out-of-bound-accesse.patch" of type "application/octet-stream" (1746 bytes)

Download attachment "xsa289/0013-x86-CPUID-block-speculative-out-of-bound-accesses.patch" of type "application/octet-stream" (1500 bytes)

Download attachment "xsa289/" of type "application/octet-stream" (3193 bytes)

Download attachment "xsa289/sorted-gadgets.txt" of type "application/octet-stream" (68537 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.