CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
25.3%
An attacker might be able to infer the contents of memory belonging to other guests.
Due to the interaction of this issue with previous speculation fixes in their default configuration, an attacker cannot leverage this vulnerability to infer the content of memory that belongs to Xen itself.
Systems running all versions of Xen are affected.
Only AMD CPUs are potentially vulnerable. CPUs from other hardware vendors are not impacted.
Whether a CPU is potentially vulnerable depends on its microarchitecture. Consult your hardware vendor.
The fix for XSA-407 / CVE-2022-23825 elected, out of an abundance of caution, to use IBPB-on-entry as a Branch Type Confusion mitigation. It is believed that this mitigation is still sufficient, in light of the new discoveries. Therefore, no changes are being provided at this time.
For CVE-2022-23824, patches are being provided on all releases as the bug pertains to a specific speculation control not working as documented, but there are a number circumstances where safety is provided as a side effect of other speculative mitigations.
pv=no-32
, or 32-bit PV guests are disabled as a side effect of CET being active (requires a capable toolchain, CONFIG_XEN_SHSTK=y or CONFIG_XEN_IBT=y, and capable hardware), then Xen will by default use the performance optimisation. In this case, a malicious 64-bit PV guest can mount an attack using this issue.spec-ctrl=
on the Xen command line to tune the speculative mitigations.CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
25.3%