Information

Advisory XSA-263
Public release 2018-05-21 16:52
Updated 2018-05-21 16:52
Version 1
CVE(s) CVE-2018-3639
Title Speculative Store Bypass

Files

advisory-263.txt (signed advisory file)
xsa263.meta
xsa263-unstable/0001-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
xsa263-unstable/0002-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
xsa263-unstable/0003-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
xsa263-4.6/0001-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
xsa263-4.6/0002-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
xsa263-4.6/0003-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
xsa263-4.6/0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
xsa263-4.6/0005-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
xsa263-4.6/0006-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
xsa263-4.6/0007-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
xsa263-4.6/0008-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
xsa263-4.6/0009-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
xsa263-4.6/0010-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
xsa263-4.6/0011-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
xsa263-4.6/0012-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
xsa263-4.6/0013-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
xsa263-4.7/0001-x86-Fix-x86-further-CPUID-handling-adjustments.patch
xsa263-4.7/0002-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
xsa263-4.7/0003-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
xsa263-4.7/0004-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
xsa263-4.7/0005-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
xsa263-4.7/0006-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
xsa263-4.7/0007-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
xsa263-4.7/0008-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
xsa263-4.7/0009-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
xsa263-4.7/0010-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
xsa263-4.7/0011-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
xsa263-4.7/0012-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
xsa263-4.7/0013-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
xsa263-4.7/0014-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
xsa263-4.8/0001-x86-Fix-x86-further-CPUID-handling-adjustments.patch
xsa263-4.8/0002-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
xsa263-4.8/0003-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
xsa263-4.8/0004-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
xsa263-4.8/0005-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
xsa263-4.8/0006-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
xsa263-4.8/0007-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
xsa263-4.8/0008-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
xsa263-4.8/0009-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
xsa263-4.8/0010-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
xsa263-4.8/0011-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
xsa263-4.8/0012-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
xsa263-4.8/0013-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
xsa263-4.8/0014-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
xsa263-4.9/0001-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
xsa263-4.9/0002-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
xsa263-4.9/0003-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
xsa263-4.9/0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
xsa263-4.9/0005-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
xsa263-4.9/0006-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
xsa263-4.9/0007-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
xsa263-4.9/0008-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
xsa263-4.9/0009-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
xsa263-4.9/0010-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
xsa263-4.9/0011-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
xsa263-4.9/0012-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
xsa263-4.9/0013-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
xsa263-4.10/0001-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
xsa263-4.10/0002-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
xsa263-4.10/0003-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
xsa263-4.10/0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
xsa263-4.10/0005-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
xsa263-4.10/0006-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
xsa263-4.10/0007-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
xsa263-4.10/0008-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
xsa263-4.10/0009-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
xsa263-4.10/0010-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
xsa263-4.10/0011-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
xsa263-4.10/0012-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
xsa263-4.10/0013-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch

Advisory


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2018-3639 / XSA-263

                       Speculative Store Bypass

ISSUE DESCRIPTION
=================

Contemporary high performance processors may use a technique commonly
known as Memory Disambiguation, whereby speculative execution may
proceed past unresolved stores.  This opens a speculative sidechannel in
which loads from an address which have had a recent store can observe
and operate on the older, stale, value.

For more details, see:
  https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
  https://www.amd.com/securityupdates

IMPACT
======

An attacker who can locate or create a suitable code gadget in a
different privilege context may be able to infer the content of
arbitrary memory accessible to that other privilege context.

At the time of writing, there are no known vulnerable gadgets in the
compiled hypervisor code.  Xen has no interfaces which allow JIT code
to be provided.  Therefore we believe that the hypervisor itself is
not vulnerable.  Additionally, we do not think there is a viable
information leak by one Xen guest against another non-cooperating
guest.

However, in most configurations, within-guest information leak is
possible.  Mitigation for this generally depends on guest changes (for
which you must consult your OS vendor) *and* on hypervisor support,
provided in this advisory.

VULNERABLE SYSTEMS
==================

Systems running all versions of Xen are affected.

Processors from all vendors are affected to different extents.

Further communication will be made for Arm. See
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
for more details.

MITIGATION
==========

This issue can be mitigated with a combination of software and firmware
changes.

RESOLUTION
==========

This is a hardware bug.  The primary mitigation in Xen context is
modification of guests, especially JITs in guests, to avoid generating
vulnerable code.  Such modifications do not require support from Xen.

Alternatively, the following patches provide some workarounds:

On AMD hardware, for Fam15h processors and later, the patches offer a
host-wide global control for whether Memory Disambiguation is enabled
(default) or disabled.  Controls are not virtualised for guests.  When
the global control is set to disabled (`spec-ctrl=ssbd' on the
hypervisor command line), the vulnerability is eliminated without the
need for other guest or hypervisor changes.

On Intel hardware, a microcode update is required in order to work
around the problem by disabling memory disambiguation.  Consult your
hardware vendor or your dom0 OS distributor for the firmware/microcode
update.  With the microcode update in place, the patches offer a
host-wide control (which would eliminate the vulnerability on the
whole system without guest changes), and virtualised controls for
guests to use (which addresses the issue in a guest-specific manner).
Consult your guest operating system vendors, for further information
and advice.

(Additionally, host firmware may be vulnerable and may require updates
for that reason.  Consult your hardware vendor.)

xsa263-unstable/*.patch  xen-unstable
xsa263-4.10/*.patch      Xen 4.10.x
xsa263-4.9/*.patch       Xen 4.9.x
xsa263-4.8/*.patch       Xen 4.8.x
xsa263-4.7/*.patch       Xen 4.7.x
xsa263-4.6/*.patch       Xen 4.6.x

$ sha256sum xsa263* xsa263*/*
0751367b3e92580514297392292e2705c817f75a3553463feaee7d6ed769f12b  xsa263.meta
2143d7801db550b693abb8e1fd16bee186a92e79ae33bfe9bef613334dffa7f3  xsa263-unstable/0001-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
ef9c36d50dfdf34fa65aa5195d24af09a86f117ba8ed3655dad017d44668cd6b  xsa263-unstable/0002-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
bc44d297e2ae51deefd18bfa1990ac5081aa0dcfd45f5ce3452b917aff7f0915  xsa263-unstable/0003-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
92451b6d7e0e98f96fad7de78fab8496cbbc18447fb8044a1dece8a8d5d44562  xsa263-4.6/0001-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
201adebebce630db211d369d92534e33411f92ad8a809f5c778f31c3cfe8a716  xsa263-4.6/0002-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
7e487e6927e9d0acbbde65a1126f8f7f020007ebd2d5c41f9b4b3c56df2a7db2  xsa263-4.6/0003-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
2cb64b3ca057f7e37eafe8afa69eed58aa307333bd905549d685d3f0887974d8  xsa263-4.6/0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
e3d4f0280a7c1ef901f4cf3686b237139dfdfdb161b858e310b559c534c8ee3a  xsa263-4.6/0005-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
988b261e4feb3706c21b8587b06db8fd36707707c8f79edfaaa9a8354c839eea  xsa263-4.6/0006-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
c8ad66195aba972a1d20d8fd304f79b9a2f1f9bc71b154cd340ef2a9525f678b  xsa263-4.6/0007-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
67f4a26aa92161ab46e369d9ef55f76581d7657520cf363384e6c11c50e03104  xsa263-4.6/0008-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
a72acc1142641f8a7b4d0ed44fa85bcaf766f0ad240749ab7631698639db859c  xsa263-4.6/0009-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
d66d809b3255fd039ecb8a5500370d3e6ef17992298ed68de9a785df26796272  xsa263-4.6/0010-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
b6779decba081261c4f600aab4d732d170f2d1dae8b4e694c905dc6c588ac54c  xsa263-4.6/0011-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
79e9eca02880bdb30f17dd7d90b5cbfb8d743abc637335b5920edc91bdb01f33  xsa263-4.6/0012-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
700a98e8f3251664349abd76ba28365017f6e7be75cea3008c7eb110e911ca58  xsa263-4.6/0013-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
1805a7394ddee85c94adf3e8513a41b3f269e3d0fbb2a26bb1ae8d6fbbef7148  xsa263-4.7/0001-x86-Fix-x86-further-CPUID-handling-adjustments.patch
082e868801a1435bd8e68013aa799433f3c2688ea77a19644dcc3af4fe36c2e2  xsa263-4.7/0002-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
1136be258338ae27b7439635ae745a4cb0a3b5a595fbff4c3d1e75a9d1258889  xsa263-4.7/0003-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
dc6e236b5d846f108ffba44bd10146caf78f7b843f51f98f514d1b07683a4a87  xsa263-4.7/0004-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
7a92156ade9f658bce7f34b0ecb797f3087a92bd41048b492bf09cea8fc4c40d  xsa263-4.7/0005-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
0785e01b3060e12e72f489dc7851cdbc35f346610a66137a815b4d0b4dc7f1ce  xsa263-4.7/0006-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
0e2b652d6edc9b769ab1c7fffc405ae3794332ff1aea89654b9dadeea117f519  xsa263-4.7/0007-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
335be11dc9fc805851c67336ed2809b828b9e37a0789e0ea41c56a35a4212b10  xsa263-4.7/0008-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
3e0481c5d52154653abbace60b7c3821fe761f51854e4e8a4a20edbf0e1f9ec9  xsa263-4.7/0009-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
d17b526ec320683283ce0547b9fe8c127d43ae7de0c246aa7ec114e75edf2f45  xsa263-4.7/0010-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
59f7911ea86e2128525eb1f0064a611a4bb4feb44cdd91a47b3038759ec79a0f  xsa263-4.7/0011-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
a7825bfa4f96128b3671544da90dfcc25e711cc01f243e1703edd10c60c1faab  xsa263-4.7/0012-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
7deae902ebdaada1293dee6549d8cd0408e2c98827c59a5628a0829b17fa7c61  xsa263-4.7/0013-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
b38cf27b16d81d4038a2428acc8a08eb45dd0dcd42df1a691187d3691f56869b  xsa263-4.7/0014-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
92c35fc3324bf32dbee3b1a34f008b8212b5bce32cb87109fec4f129d15de90e  xsa263-4.8/0001-x86-Fix-x86-further-CPUID-handling-adjustments.patch
535e3fe4e9c27a683ffead7b2fde65b1ffb3231d451dc33c96f3ddc88408f5ef  xsa263-4.8/0002-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
8babb75ee944188a8662aff6fa6e753206a6ab4fc51451b02ee953c963cd8f0f  xsa263-4.8/0003-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
c4712e00101b4b3f1d49810e47790a80661b9c29ae1d6afc41736b1d65d69eeb  xsa263-4.8/0004-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
101c46174e1f977473a7e32a1e7c89728427cd0831aeaf276c318d2a17c7eee5  xsa263-4.8/0005-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
e74a0049fb9da19203c9187cfd869203149b7c99480e857916ae95ebdc683132  xsa263-4.8/0006-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
569f8a8e1e0d9ad066b650d2a46a45a156719d5846112da248853263d3002dd2  xsa263-4.8/0007-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
9c79be6dc3ef9d281c5b676f7d03e44a9308204149a76ade48e76e63aabfa820  xsa263-4.8/0008-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
8b5ec69f7ebdda4dd0d8c81cd4c11d75417f7201c03dc79348b35987da3fb209  xsa263-4.8/0009-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
1b25684bd0c15caff188eb2a3c38f8f72320a63e9de437cfa1ecb759a89e6d54  xsa263-4.8/0010-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
ad8d1552930d3c48dca7d26efde668cf3341cfdef717be6a6b71fc9c1cc1b667  xsa263-4.8/0011-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
1394f75feeff17fb1d7b4eb6b6d9f18a123886d9178fca060f7b4f69618a5edc  xsa263-4.8/0012-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
f63f5a060985c55bc4002d6f949f91c39dcf8fe339efc7133d21debea269bb16  xsa263-4.8/0013-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
a67c16cee885a529182f8f12941077551eb8398f9d8c2f870bea11409b98de8d  xsa263-4.8/0014-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
491b2bf3cd6cf0da0cfca0d3a9329a735652d3eb9a89819e45ab328ed1bfd2b9  xsa263-4.9/0001-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
c7e04d812284592aa7c97ef240ca5603e8998d6b2be3861f1ed40f6ad767f111  xsa263-4.9/0002-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
85f98f5119c5384779254633bc3cdedc639093e7e9dfa45e3ebc165f656619a9  xsa263-4.9/0003-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
9927b85433720e9acfc52316c85bc4a5fb9eab240d3acc358a675b3a38aa9f09  xsa263-4.9/0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
8714566a3aa99d0fe3a105637f4c87b1ac451437bd827ed85e74e5f4ba9aadc5  xsa263-4.9/0005-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
317ba3977dab37070c793f5fa3bec6e45cf4f6dfda8fa99a3bd43a769da8ee18  xsa263-4.9/0006-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
2f717ed9174d47d419d218ffb82c4d3ba8af7fbc602fdece526bb013c6e5376b  xsa263-4.9/0007-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
265ad11325438064487c9349dc29de9cdebc14503a17234945eb36dd66050255  xsa263-4.9/0008-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
2174e399924c7a2fcee49466bf87a217d2c61563f7ffd1d7f76e3bbea32fead4  xsa263-4.9/0009-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
a9fe0cbfcd3d77da2e25b410a4dbad115f11368e61854ebcd3306c15ce71e5ef  xsa263-4.9/0010-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
37cac5bf8e9cd66716f3cb2e40fe5c80726edc4aab50863d6cb28e72ed1286ac  xsa263-4.9/0011-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
c559af676460fe3de383ba8df5f004a19a7031e97bb69e36a0c3c550887de404  xsa263-4.9/0012-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
f6aec439eb0f00191cb43b910cbf4c4291e4bc7311bdf9d55c839e8fd1075357  xsa263-4.9/0013-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
740f2819e346dadeeae25e04b40dc6cc447c7123a8fe0cd1064a1efa8301b4c4  xsa263-4.10/0001-x86-spec_ctrl-Read-MSR_ARCH_CAPABILITIES-only-once.patch
46e42c295b4947721fe47085e8a37523756c0b9383da90c22aa0682ad04599b6  xsa263-4.10/0002-x86-spec_ctrl-Express-Xen-s-choice-of-MSR_SPEC_CTRL-.patch
ed38748b15ad70869c5bf2b1eea91ddbb0a9e1f63f66614259320258e1f523e6  xsa263-4.10/0003-x86-spec_ctrl-Merge-bti_ist_info-and-use_shadow_spec.patch
18a5cadfbb1cb7045c6efe4a526eb31aacbef995b57342afe544aede972e890f  xsa263-4.10/0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
68ffb02ec8aa5f4c677e4debaf65685f94aae0661f74b9dee3eef16cd73a6024  xsa263-4.10/0005-x86-spec_ctrl-Rename-bits-of-infrastructure-to-avoid.patch
85843f6c987ce465e8c87900e0ae368bf7cb7d8da64371b7e44df8907527b27c  xsa263-4.10/0006-x86-spec_ctrl-Elide-MSR_SPEC_CTRL-handling-in-idle-c.patch
d5da58489adf87228391436dfd1f01c47b312bfef93f207f988e6b50d137d5d9  xsa263-4.10/0007-x86-spec_ctrl-Split-X86_FEATURE_SC_MSR-into-PV-and-H.patch
4c6a28b834b79a0c2bfcde8c9fc2246c7ff9b0c90b6d3bac221a53c51afc6c99  xsa263-4.10/0008-x86-spec_ctrl-Explicitly-set-Xen-s-default-MSR_SPEC_.patch
414c5d2f888a77077e168c4fca6f75be4de42a28a5927eb9f5f9a5a5c0bdf723  xsa263-4.10/0009-x86-cpuid-Improvements-to-guest-policies-for-specula.patch
6fc2508d7f9183faf83eb1931e415663d32d8df12d3ab021d73616e2de54caa6  xsa263-4.10/0010-x86-spec_ctrl-Introduce-a-new-spec-ctrl-command-line.patch
3f83546f98d98853ba7c6afd0eb23fe9a7cbceba0f8acea32e9fe466d86bf56c  xsa263-4.10/0011-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch
93e7b786d1224f672cc79c753e83eda607e02c8c9414ec926c532a92c0e6c70a  xsa263-4.10/0012-x86-Intel-Mitigations-for-GPZ-SP4-Speculative-Store-.patch
d15756d90fc911a6f5ba28c2b84b5d3a6f3b864e85b1cf4c0fe82f8482af981d  xsa263-4.10/0013-x86-msr-Virtualise-MSR_SPEC_CTRL.SSBD-for-guests-to-.patch
$

NOTE REGARDING LACK OF EMBARGO
==============================

We understand that despite an attempt to organise predisclosure, the
discoverers ultimately did not authorise a predisclosure.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJbAvkgAAoJEIP+FMlX6CvZJSYIAJuxYhP2DoGxRvBbmmx/70NN
v1EFr+bBH51kMby79UNYKMR5SnZ5yHgjO0f76t9KnQlN3LUkOs9zLEfiyPebmI5I
fTACRG8/I8IRDUzzlWlYuEwLDqXBzJn5gvrMIXVz7/K45yOdVDih8GudI0kfDmT+
z3MulyzkYr6+epGfQIxJuo/qfmfBbLJR6RX6QEtF/Y2NEpdLV3zxuFdx3QN2A5Am
s2ephgBJmhMHj+s9GvyUWkry22QaZLVnamCKK5NBOKUuu3Ha8yCVf5u51+9LoXL7
UWVqbQiQChJMr1L5ij/IcHLgf6gDHxCrCvfRwF7hXcRl0EimMQlZNkQwMy/hrgM=
=wPqD
-----END PGP SIGNATURE-----

Xenproject.org Security Team