CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS
Percentile: 65.2%
Contemporary high-performance processors may use a technique commonly known as Memory Disambiguation, whereby speculative execution may proceed past unresolved stores. This opens a speculative side channel in which loads from an address which has had a recent store can observe and operate on the older, stale value.
For more details, see:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.amd.com/securityupdates
An attacker who can locate or create a suitable code gadget in a different privilege context may be able to infer the content of arbitrary memory accessible to that other privilege context.
At the time of writing, there are no known vulnerable gadgets in the compiled hypervisor code. Xen has no interfaces which allow JIT code to be provided. Therefore we believe that the hypervisor itself is not vulnerable. Additionally, we do not think there is a viable information leak by one Xen guest against another non-cooperating guest.
However, in most configurations, within-guest information leak is possible. Mitigation for this generally depends on guest changes (for which you must consult your OS vendor) and on hypervisor support, provided in this advisory.
Systems running all versions of Xen are affected.
Processors from all vendors are affected to different extents.
Further communication will be made for Arm. See https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability for more details.
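An added example, not part of the Xen advisory: for the within-guest leak described above, a Linux guest reports its Speculative Store Bypass mitigation state system-wide in sysfs and per task in /proc/<pid>/status. The sketch below classifies both; the sample strings are constructed, and the function names and verdict labels are this example's own.

```python
"""Audit a Linux guest's Speculative Store Bypass (SSB) mitigation state."""
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")
# Per-task values under which loads do not speculate past unresolved stores.
SAFE_TASK_STATES = {"not vulnerable", "thread mitigated",
                    "thread force mitigated", "globally mitigated"}

# Constructed samples so the example runs offline (not captured from a real host).
SAMPLE_SYSFS = "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n"
SAMPLE_TASKS = {
    "jit-worker": "Name:\tjit-worker\nSpeculation_Store_Bypass:\tthread mitigated\n",
    "batch-job": "Name:\tbatch-job\nSpeculation_Store_Bypass:\tthread vulnerable\n",
}

def classify_sysfs(text):
    """Map the kernel's system-wide status line to a coarse verdict."""
    s = text.strip()
    if s == "Not affected":
        return "not-affected"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    if s.startswith("Mitigation:"):
        # "via prctl" / "seccomp" means the mitigation is opt-in per task.
        return "opt-in" if ("prctl" in s or "seccomp" in s) else "mitigated"
    return "unknown"

def task_state(status_text):
    """Return the Speculation_Store_Bypass field of a /proc/<pid>/status dump."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Speculation_Store_Bypass":
            return value.strip()
    return None  # field absent: kernel predates the SSB reporting

def exposed_tasks(system_verdict, tasks):
    """Names of tasks still exposed, given the system verdict and status dumps."""
    if system_verdict in ("not-affected", "mitigated"):
        return []
    # A missing or unrecognised field is treated as exposed.
    return sorted(n for n, st in tasks.items()
                  if task_state(st) not in SAFE_TASK_STATES)

if __name__ == "__main__":
    text = SYSFS.read_text() if SYSFS.exists() else SAMPLE_SYSFS
    verdict = classify_sysfs(text)
    print("system-wide:", verdict)
    print("sample tasks still exposed:", exposed_tasks(verdict, SAMPLE_TASKS))
```

An "opt-in" verdict means each process that handles secrets has to be checked individually, since the kernel only applies the mitigation to tasks that request it.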