-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 Xen Security Advisory CVE-2022-21123,CVE-2022-21125,CVE-2022-21166 / XSA-404
                                  version 2

                    x86: MMIO Stale Data vulnerabilities

UPDATES IN VERSION 2
====================

Correct one CVE. The title for version 1 gave CVE-2022-21124, which was
incorrect and should have been CVE-2022-21125.

Patches are now reviewed. Backports are available.

ISSUE DESCRIPTION
=================

This issue is related to the SRBDS, TAA and MDS vulnerabilities. Please see:

  https://xenbits.xen.org/xsa/advisory-320.html (SRBDS)
  https://xenbits.xen.org/xsa/advisory-305.html (TAA)
  https://xenbits.xen.org/xsa/advisory-297.html (MDS)

Please see Intel's whitepaper:

  https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html

IMPACT
======

An attacker might be able to directly read or infer data from other
security contexts in the system. This can include data belonging to
other VMs, or to Xen itself.

The degree to which an attacker can obtain data depends on the CPU and
the system configuration.

VULNERABLE SYSTEMS
==================

Systems running all versions of Xen are affected.

Only x86 processors are vulnerable. Processors from other architectures
(e.g. ARM) are not believed to be vulnerable.

Only Intel based processors are affected. Processors from other x86
manufacturers (e.g. AMD) are not believed to be vulnerable.

Please consult the Intel Security Advisory for details on the affected
processors and configurations.

Per Xen's support statement, PCI passthrough should be to trusted
domains because the overall system security depends on factors outside
of Xen's control. As such, Xen, in a supported configuration, is not
vulnerable to DRPW/SBDR.

MITIGATION
==========

All mitigations depend on functionality added in the IPU 2022.1 (May
2022) microcode release from Intel. Consult your dom0 OS vendor.
To the best of the security team's understanding, the summary is as
follows:

Server CPUs (Xeon EP/EX, Scalable, and some Atom servers), excluding
Xeon E3 (which use the client CPU design), are potentially vulnerable to
DRPW (CVE-2022-21166).

Client CPUs (including Xeon E3) are, furthermore, potentially vulnerable
to SBDR (CVE-2022-21123) and SBDS (CVE-2022-21125).

SBDS only affects CPUs vulnerable to MDS. On these CPUs, there are
previously undiscovered leakage channels. There is no change to the
existing MDS mitigations.

DRPW and SBDR only affect configurations where less privileged domains
have MMIO mappings of buggy endpoints. Consult your hardware vendor.

In configurations where less privileged domains have MMIO access to
buggy endpoints, `spec-ctrl=unpriv-mmio` can be enabled, which will
cause Xen to mitigate cross-domain fill buffer leakage, and extend SRBDS
protections to protect RNG data from leakage.

RESOLUTION
==========

Applying the appropriate attached patches and enabling the newly
introduced command line option, if appropriate, mitigates these issues.

Note that patches for released versions are generally prepared to apply
to the stable branches, and may not apply cleanly to the most recent
release tarball. Downstreams are encouraged to update to the tip of the
stable branch before applying these patches.
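The two RESOLUTION steps (apply the attached patches, then enable `spec-ctrl=unpriv-mmio` where less privileged domains have MMIO access to buggy endpoints) can be checked mechanically before and after a host is rebooted. The POSIX shell script below is an added example written for this page; it is not part of the advisory and not Xen's own tooling. It carries the SHA-256 table published further down in this advisory as a constant, verifies a downloaded patch directory against it with GNU `sha256sum -c`, and reports the effective `unpriv-mmio` setting of a Xen command line. It assumes that `xl info` reports the hypervisor command line in its `xen_commandline` field, and that Xen parses `spec-ctrl=` as a comma-separated option list where the last mention of an option wins and the `no-` prefix (or `=0`, `=off`, ...) negates it; the script name `xsa404_check.sh` is hypothetical.

```shell
#!/bin/sh
# xsa404_check.sh (hypothetical name): verify XSA-404 patch downloads and
# audit the running Xen's spec-ctrl setting. Added example, not Xen code.
set -uf

# Checksum table copied verbatim from the advisory. sha256sum -c expects two
# spaces between digest and path.
XSA404_SUMS='51a812b3e37fb5067aff94d7e587c3fed0de4fcc89e694c7b7dbf1ef2d7e2acc  xsa404/xsa404-1.patch
99d9657cd811f5ed86949bd44777b6bfbb4356fea70795edaa9c7ede341603a0  xsa404/xsa404-2.patch
7e61db8f1741a9e2e9e68e7221cc532f4d17c4d0b2e02ce9ba4468ce187b7b57  xsa404/xsa404-3.patch
be78110d460db361be29f5e5f4b4608bbd25d2032c5f14eed05fd10e66e99e87  xsa404/xsa404-4.13-1.patch
7734bc21a04eb0cea30564bd0855ecc969b7b427a250b5ea6efc6fab46483b70  xsa404/xsa404-4.13-2.patch
6abbdcf5308c033ab7b59c6c75514e29aa14f06c61ef807e2d0c80695af1cace  xsa404/xsa404-4.13-3.patch
ccff36c3615d0068ade29e1d25abd6112b9e90490a5b0ef3d189b27aa53976b2  xsa404/xsa404-4.14-1.patch
ac446bed9d33d84e0b20e4898ce1424f3ed7ed4b05c3c559045a377a9a044b0c  xsa404/xsa404-4.14-2.patch
0ca7801e0442dd304d62538a0861fe459b08dc367530d2142405d602930e1dab  xsa404/xsa404-4.14-3.patch
a26036a136c10810de88960704e6922a40b483a49c8b1821a6e265cae968bfc2  xsa404/xsa404-4.15-1.patch
25616a8665b96b965fbc0b799fb8cd17a360b4add71c6e6e504859cfd35f19ce  xsa404/xsa404-4.15-2.patch
a4c3608210f62e453f9c983ebc1a3b0846ca3a52ba32ee13143561710b4c4118  xsa404/xsa404-4.15-3.patch
a18c04cfdacf7dbb518216ac85047a5851c1f64c62d64e234f8ed19b6905ba60  xsa404/xsa404-4.16-1.patch
d22af75e0bc42e249a37bd91165b426c7146f69dfd6c4de4a06d6ed0b3e5e713  xsa404/xsa404-4.16-2.patch
b04603668f61fbd40e2effaaeb7b3d9c555a8d8a4667208ae0ae42baf323230a  xsa404/xsa404-4.16-3.patch'

# verify_patches DIR SUMS
# Check every entry of the SUMS table against the files under DIR.
# Status 0 only if every listed file exists and matches; sha256sum itself
# names the mismatched or missing files. Blank lines are dropped and a
# single-space separator is normalised so a copy-pasted table still works.
verify_patches() {
    dir=$1
    sums=$2
    (
        cd "$dir" || exit 1
        printf '%s\n' "$sums" |
            grep '^[0-9a-f]\{64\}' |
            sed 's/^\([0-9a-f]\{64\}\)[ ]*/\1  /' |
            sha256sum -c --strict --quiet -
    )
}

# unpriv_mmio_state CMDLINE
# Print "on", "off" or "unset" for the effective unpriv-mmio setting in a
# Xen command line. Assumption: spec-ctrl= may appear more than once and
# holds a comma-separated list; tokens are applied left to right, so the
# last one mentioning unpriv-mmio wins, and the usual Xen boolean spellings
# (no-unpriv-mmio, unpriv-mmio=0/off/false/...) negate it.
unpriv_mmio_state() {
    cmdline=$1
    state=unset
    for word in $cmdline; do
        case $word in
            spec-ctrl=*) opts=${word#spec-ctrl=} ;;
            *) continue ;;
        esac
        old_ifs=$IFS
        IFS=,
        set -- $opts          # split the option list on commas
        IFS=$old_ifs
        for tok in "$@"; do
            case $tok in
                unpriv-mmio|unpriv-mmio=1|unpriv-mmio=yes|unpriv-mmio=on|unpriv-mmio=true|unpriv-mmio=enable)
                    state=on ;;
                no-unpriv-mmio|unpriv-mmio=0|unpriv-mmio=no|unpriv-mmio=off|unpriv-mmio=false|unpriv-mmio=disable)
                    state=off ;;
            esac
        done
    done
    echo "$state"
}

# check_running_xen: read the live hypervisor command line from `xl info`
# (assumed to expose it as the xen_commandline field) and report.
check_running_xen() {
    cmdline=$(xl info 2>/dev/null | sed -n 's/^xen_commandline *: *//p')
    [ -n "$cmdline" ] || { echo "could not read xen_commandline from xl info" >&2; return 1; }
    echo "xen_commandline: $cmdline"
    echo "unpriv-mmio: $(unpriv_mmio_state "$cmdline")"
}

# Stand-alone use: ./xsa404_check.sh /path/containing/xsa404/
if [ $# -gt 0 ]; then
    verify_patches "$1" "$XSA404_SUMS" && echo "all XSA-404 patches match the advisory"
    check_running_xen || true
fi
```

Run it from the directory that contains the downloaded `xsa404/` tree; a result of `unpriv-mmio: unset` on a host that does give less privileged domains MMIO access to buggy endpoints means the second RESOLUTION step has not been taken yet.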
xsa404/xsa404-?.patch           xen-unstable
xsa404/xsa404-4.16-?.patch      Xen 4.16.x
xsa404/xsa404-4.15-?.patch      Xen 4.15.x
xsa404/xsa404-4.14-?.patch      Xen 4.14.x
xsa404/xsa404-4.13-?.patch      Xen 4.13.x

$ sha256sum xsa404*/*
51a812b3e37fb5067aff94d7e587c3fed0de4fcc89e694c7b7dbf1ef2d7e2acc  xsa404/xsa404-1.patch
99d9657cd811f5ed86949bd44777b6bfbb4356fea70795edaa9c7ede341603a0  xsa404/xsa404-2.patch
7e61db8f1741a9e2e9e68e7221cc532f4d17c4d0b2e02ce9ba4468ce187b7b57  xsa404/xsa404-3.patch
be78110d460db361be29f5e5f4b4608bbd25d2032c5f14eed05fd10e66e99e87  xsa404/xsa404-4.13-1.patch
7734bc21a04eb0cea30564bd0855ecc969b7b427a250b5ea6efc6fab46483b70  xsa404/xsa404-4.13-2.patch
6abbdcf5308c033ab7b59c6c75514e29aa14f06c61ef807e2d0c80695af1cace  xsa404/xsa404-4.13-3.patch
ccff36c3615d0068ade29e1d25abd6112b9e90490a5b0ef3d189b27aa53976b2  xsa404/xsa404-4.14-1.patch
ac446bed9d33d84e0b20e4898ce1424f3ed7ed4b05c3c559045a377a9a044b0c  xsa404/xsa404-4.14-2.patch
0ca7801e0442dd304d62538a0861fe459b08dc367530d2142405d602930e1dab  xsa404/xsa404-4.14-3.patch
a26036a136c10810de88960704e6922a40b483a49c8b1821a6e265cae968bfc2  xsa404/xsa404-4.15-1.patch
25616a8665b96b965fbc0b799fb8cd17a360b4add71c6e6e504859cfd35f19ce  xsa404/xsa404-4.15-2.patch
a4c3608210f62e453f9c983ebc1a3b0846ca3a52ba32ee13143561710b4c4118  xsa404/xsa404-4.15-3.patch
a18c04cfdacf7dbb518216ac85047a5851c1f64c62d64e234f8ed19b6905ba60  xsa404/xsa404-4.16-1.patch
d22af75e0bc42e249a37bd91165b426c7146f69dfd6c4de4a06d6ed0b3e5e713  xsa404/xsa404-4.16-2.patch
b04603668f61fbd40e2effaaeb7b3d9c555a8d8a4667208ae0ae42baf323230a  xsa404/xsa404-4.16-3.patch
$

In addition, the backports have already been pushed to xen.git.
They are available in the following branches:

  staging       8c24b70fedcb52633b2370f834d8a2be3f7fa38e
  staging-4.16  2e82446cb252f6c8ac697e81f4155872c69afde4
  staging-4.15  a3faf632606e54437146dbcac2c9bbb89b9a4007
  staging-4.14  c5f774eaeeca195ef85b47713f0b21220c4b41e6
  staging-4.13  87ff11354f0dc0d6e77e1695e6c1e14aa1382cdc

NOTE CONCERNING CVE-2022-21127 / Update to SRBDS
================================================

An issue was discovered with the SRBDS microcode mitigation. A microcode
update was released as part of Intel's IPU 2022.1 in May 2022.

Updating microcode is sufficient to fix the issue, with no extra actions
required on Xen's behalf. Consult your dom0 OS vendor or OEM for updated
microcode.

NOTE CONCERNING CVE-2022-21180 / Undefined MMIO Hang
====================================================

A related issue was discovered. See:

  https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/undefined-mmio-hang.html

Xen is not vulnerable to UMH in supported configurations. The only
mitigation is to avoid passing impacted devices through to untrusted
guests.

NOTE CONCERNING LACK OF EMBARGO
===============================

The discoverer did not authorise us to predisclose.
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmKrVbAMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZ2AcH/jWGiu0jpWMkQw/3U4DUu2a77PcC9jLH8NONesB7
SGfdhIMNqmStUI5VJf54ccDIrZSLQxvNVWWxXyQPhZXWhSPf5xE2uYK1qUL+Za8c
kOIJr0Drzffr2Bmu3NnBCRdQDkmXl2GDgqig4YWK/+BOlOO+YxBGdyoE0mBOXMo4
+cQHHvYa16kZVuwxyS0mZxhKFo3JQZaKqh2DEzKZUWm3w8n3NKEYG8S00sttZfjs
dS8rNXEu+yrmPjsJ+hFfJw8MfoETE6yGI47C89dFTN9Q0KedEYM28oD6ClMUC+ks
kwnFAk561m4VUoTqkSv82PeJfS9Sp5D6yO4CDdC05Eyc9gA=
=K9Tq
-----END PGP SIGNATURE-----