[Pkg-xen-devel] Bug#1036298: xen: CVE-2022-42336: XSA-431: Mishandling of guest SSBD selection on AMD hardware
Salvatore Bonaccorso
carnil at debian.org
Thu May 18 21:08:49 BST 2023
Source: xen
Version: 4.17.0+74-g3eac216e6e-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,

The following vulnerability was published for xen.

CVE-2022-42336[0]:
| Mishandling of guest SSBD selection on AMD hardware The current logic
| to set SSBD on AMD Family 17h and Hygon Family 18h processors requires
| that the setting of SSBD is coordinated at a core level, as the
| setting is shared between threads. Logic was introduced to keep track
| of how many threads require SSBD active in order to coordinate it,
| such logic relies on using a per-core counter of threads that have
| SSBD active. When running on the mentioned hardware, it's possible for
| a guest to under or overflow the thread counter, because each write to
| VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that
| does the per-core active accounting. Underflowing the counter causes
| the value to get saturated, and thus attempts for guests running on
| the same core to set SSBD won't have effect because the hypervisor
| assumes it's already active.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-42336
    https://www.cve.org/CVERecord?id=CVE-2022-42336
[1] https://xenbits.xen.org/xsa/advisory-431.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
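
The per-core accounting problem described in the quoted CVE text, as an added illustration that is not part of the original message and is not Xen source code or the upstream patch. It is a simplified model of one core with two sibling threads; every name in it (struct core, write_flawed, write_fixed, sibling_protected) is hypothetical, and the transition check in write_fixed is one possible way to make the accounting idempotent, assumed here for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not Xen source: one core, two sibling threads. */
struct core {
    unsigned int count;   /* threads believed to have SSBD active */
    bool hw_ssbd;         /* mitigation actually enabled on the core */
    bool thread_on[2];    /* per-thread state, used only by the fixed path */
};

/* Flawed: every guest write is accounted, even one repeating the last value. */
static void write_flawed(struct core *c, int thread, bool enable)
{
    (void)thread;
    if (enable) {
        if (c->count++ == 0)      /* first user on the core turns SSBD on */
            c->hw_ssbd = true;
    } else {
        if (--c->count == 0)      /* wraps below zero on a redundant disable */
            c->hw_ssbd = false;
    }
}

/* Hardened: only a real per-thread state transition touches the counter. */
static void write_fixed(struct core *c, int thread, bool enable)
{
    if (c->thread_on[thread] == enable)
        return;                       /* redundant write: no accounting */
    c->thread_on[thread] = enable;
    write_flawed(c, thread, enable);  /* counter moves once per transition */
}

/* Thread 0 repeats a "disable" write, then thread 1 requests SSBD.
 * Returns whether the core really has SSBD enabled afterwards. */
static bool sibling_protected(void (*wr)(struct core *, int, bool))
{
    struct core c = {0};
    wr(&c, 0, false);   /* redundant disable from thread 0 */
    wr(&c, 1, true);    /* sibling thread asks for SSBD */
    return c.hw_ssbd;
}

int main(void)
{
    printf("flawed: sibling protected = %d\n", sibling_protected(write_flawed));
    printf("fixed:  sibling protected = %d\n", sibling_protected(write_fixed));
    return 0;
}
```

In the flawed path the counter is already non-zero when the sibling asks for SSBD, so the model concludes the mitigation is active and never enables it, which is the effect the advisory text describes.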