SB2022030864 - Multiple vulnerabilities in Xen XSA

Description

This security bulletin contains information about 5 vulnerabilities.

1) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-23960)

The vulnerability allows a local user to obtain potentially sensitive information.

The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.

The vulnerability was dubbed Spectre-BHB.

2) Information disclosure (CVE-ID: CVE-2022-0001)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.

3) Information disclosure (CVE-ID: CVE-2022-0002)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.

4) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2021-26341)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to some AMD CPUs may transiently execute beyond unconditional direct branches. A local user can gain unauthorized access to sensitive information on the system.

5) Information disclosure (CVE-ID: CVE-2021-26401)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application within LFENCE/JMP. A local user can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

• https://xenbits.xen.org/xsa/advisory-398.html