Bug 1221332

Summary: VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452)
Product: [Novell Products] SUSE Security Incidents Reporter: Carlos López <carlos.lopez>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: IN_PROGRESS --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: carlos.lopez, carnold, denis.kirjanov, gianluca.gabrielli, jbeulich, meissner, mhocko, nborisov, nik.borisov, rfrohl, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/372961/
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 1213456    
Bug Blocks:    
Attachments: Attached patches

Description Carlos López 2024-03-13 08:42:39 UTC 
Created attachment 873464 [details]
Attached patches

+++ This bug was initially created as a clone of Bug #1213456 +++


            Xen Security Advisory CVE-2023-28746 / XSA-452

                   x86: Register File Data Sampling

ISSUE DESCRIPTION
=================

Intel have disclosed RFDS, Register File Data Sampling, affecting some
Atom cores.

This came from internal validation work.  There is no information
provided about how an attacker might go about inferring data from the
register files.

For more details, see:
  https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html

IMPACT
======

An attacker might be able to infer the contents of data held previously
in floating point, vector and/or integer register files on the same
logical processor, including data from a more privileged context.

Note: None of the vulnerable processors support HyperThreading, so there
      is no instantaneous exposure of data from other threads.

VULNERABLE SYSTEMS
==================

Systems running all versions of Xen are affected.

RFDS is only known to affect certain Atom processors from Intel.  Other
Intel CPUs, and CPUs from other hardware vendors are not known to be
affected.

RFDS affects Atom processors between the Goldmont and Gracemont
microarchitectures.  This includes Alder Lake and Raptor Lake hybrid
client systems which have a mix of Gracemont and other types of cores.

MITIGATION
==========

There is no mitigation.

RESOLUTION
==========

Intel are producing microcode update to address the issue for in-support
CPUs.  This is done by extending the VERW instruction with more
scrubbing side effects.  Consult your dom0 OS vendor and/or hardware
vendor for updated microcode.

In addition to the microcode, changes are required in Xen to reposition
the VERW scrubbing and to activate it when necessary, as well as to
inform guest kernels of when the extra side effect is present and/or
when the system is believed to be not vulnerable.  The appropriate set
of patches does this.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa452/xsa452-?.patch           xen-unstable
xsa452/xsa452-4.18-?.patch      Xen 4.18.x
xsa452/xsa452-4.17-?.patch      Xen 4.17.x
xsa452/xsa452-4.16-?.patch      Xen 4.16.x
xsa452/xsa452-4.15-?.patch      Xen 4.15.x

$ sha256sum xsa452*/*
9365456e85fc04947206075cdfe4a805c3d628d7c1f5b8020785d8fd84c93aa9  xsa452/xsa452-1.patch
89ce3001975352a1321dc1577d9d14273e6b383080900881603339e5a860e1fd  xsa452/xsa452-2.patch
775a2d57b7aa8e2522cce61b1ddebd267e36218ecdcc0f678db7ed0ed1f54c21  xsa452/xsa452-3.patch
0e56da437f3ea30b97f79fa1d247561815625e152c963dd504f11082863eaa32  xsa452/xsa452-4.15-1.patch
184f2fe90b614e3e5c7056669ea6c829242058f5c00407a3db1e34bcd4fb4aed  xsa452/xsa452-4.15-2.patch
237e9aa65122ef4a18f57e44f6841a80e967deac90e251ce629cba6ea2f66030  xsa452/xsa452-4.15-3.patch
59d5ec14b784b6c4f9ce2bb6258cb91ee6233fc01761f27c655f4582bdeb6830  xsa452/xsa452-4.15-4.patch
946a8d80f7c11a03a26a045eb2ba4e03be7e739f04df72e5e1f67279e374136e  xsa452/xsa452-4.15-5.patch
6eba7f56a67a101c39e2345b53530a4036b2fad50f4b745e39f8da1d0bffcbd5  xsa452/xsa452-4.15-6.patch
326571a214f358787bc4af8c71d96ae6455a9da80da4d43358af282eebb51e4d  xsa452/xsa452-4.15-7.patch
5aca7cf8ca97dd735769fc4c154dab576461da7ec1838ad152e90ceebb5af60d  xsa452/xsa452-4.16-1.patch
c7167c270a28cb639a9b94b898e656123767c21d0951fe48404bbbcf7d2be151  xsa452/xsa452-4.16-2.patch
55d61becc38663c6756baceb919645bc2cb4794b517cd067f9b452822fe11ecf  xsa452/xsa452-4.16-3.patch
6e7a93935d1a4df2dea5d9a6542127feb5d662b33cc766587a713746e4992841  xsa452/xsa452-4.16-4.patch
ee4bbf1988a05cc00c51512d5f258d310f3d5f21d23094d4a7b9ca3cf55ffcde  xsa452/xsa452-4.16-5.patch
f44dc3d957eca731834d13c1b7bf31cadfee5c4d354dbdb1e6aa317063c26420  xsa452/xsa452-4.16-6.patch
520188698c87ebfd42457b8f22d62e20e715d1bf28bfe43f93fbac4479485b15  xsa452/xsa452-4.16-7.patch
5ee4fffcb0418d34ec03605cf507d7c24d82355716fde250d3fd01308c40b29f  xsa452/xsa452-4.17-1.patch
a4081d6329c9ba7dd95b2f693ef6cfa61ef3a6148b0e4279f2cc8648be98b1ca  xsa452/xsa452-4.17-2.patch
bd6364569bb1d2841df6e9dad2d0c0d859b5cab5046141ba6c54a53ab7cbef76  xsa452/xsa452-4.17-3.patch
9c7aedd1a4f1e3dab344dd4ac0438de3ab25079f6aaa8d2f1b384b8f6f2df770  xsa452/xsa452-4.17-4.patch
7886b2da37de7c8bb0ed1bd9e8f001dbc46aa8802152c315fa1141f76e09dc77  xsa452/xsa452-4.17-5.patch
01dd485e5b2130b85905187ef6351d2fb6514cefb0096db3f710bff4345b8c29  xsa452/xsa452-4.17-6.patch
f64109a3e0a2237cc4fabc94f680c96a82e71d037e9d263ee7782fef0895fa32  xsa452/xsa452-4.17-7.patch
2fa4d889fc193e4ddd46e570e8c37d59e89fd667db52afb912d692d2775b25d6  xsa452/xsa452-4.18-1.patch
a4081d6329c9ba7dd95b2f693ef6cfa61ef3a6148b0e4279f2cc8648be98b1ca  xsa452/xsa452-4.18-2.patch
d4f61f50c9c6c17888ae6a371a2bde95cfad92d4e72c5e3ca54638fb4cc6fcfa  xsa452/xsa452-4.18-3.patch
7922255f39744c75fa2e84c3971a27432b1f1f177ddb40647bdc753eacea412c  xsa452/xsa452-4.18-4.patch
b262adff116cb00c371b45cffffb111c4ca359490a27a69ad7482a1ae92ac173  xsa452/xsa452-4.18-5.patch
0c0830b81f60b5a5b4d6bd339410ab6f512276491d30881587361b9c9fb7d0ff  xsa452/xsa452-4.18-6.patch
4ab5a0106c4ffdf713ebd3059eccd07ae8589e0d8348413685ecf0ff7d7b2a05  xsa452/xsa452-4.18-7.patch
51c1561026f32415cf69a362cca33a14aa361f34ddce3785667d99d25e922488  xsa452/xsa452-4.patch
518da7d12c295851a1ae3a03cc28b290bc0e9dee4c4446d20d341c88c9908961  xsa452/xsa452-5.patch
Comment 2 OBSbugzilla Bot 2024-03-22 15:35:01 UTC 
This is an autogenerated message for OBS integration:
This bug (1221332) was mentioned in
https://build.opensuse.org/request/show/1160685 Factory / xen
Comment 4 OBSbugzilla Bot 2024-03-26 13:35:01 UTC 
This is an autogenerated message for OBS integration:
This bug (1221332) was mentioned in
https://build.opensuse.org/request/show/1162273 Factory / xen
Comment 7 Maintenance Automation 2024-04-03 16:30:06 UTC 
SUSE-SU-2024:1105-1: An update that solves two vulnerabilities and has two security fixes can now be installed.

Category: security (moderate)
Bug References: 1027519, 1220141, 1221332, 1221334
CVE References: CVE-2023-28746, CVE-2024-2193
Maintenance Incident: [SUSE:Maintenance:33159](https://smelt.suse.de/incident/33159/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 xen-4.12.4_46-3.106.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 xen-4.12.4_46-3.106.1
SUSE Linux Enterprise Server 12 SP5 (src):
 xen-4.12.4_46-3.106.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
 xen-4.12.4_46-3.106.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Charles Arnold 2024-04-08 11:19:41 UTC 
(In reply to Maintenance Automation from comment #7)
> SUSE-SU-2024:1105-1: An update that solves two vulnerabilities and has two
> security fixes can now be installed.
> 
> Category: security (moderate)
> Bug References: 1027519, 1220141, 1221332, 1221334
> CVE References: CVE-2023-28746, CVE-2024-2193
> Maintenance Incident:
> [SUSE:Maintenance:33159](https://smelt.suse.de/incident/33159/)
> Sources used:
> SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
>  xen-4.12.4_46-3.106.1
> SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
>  xen-4.12.4_46-3.106.1
> SUSE Linux Enterprise Server 12 SP5 (src):
>  xen-4.12.4_46-3.106.1
> SUSE Linux Enterprise Software Development Kit 12 SP5 (src):
>  xen-4.12.4_46-3.106.1
> 
> NOTE: This line indicates an update has been released for the listed
> product(s). At times this might be only a partial fix. If you have questions
> please reach out to maintenance coordination.

I'm uncertain why you took me off as the Assignee.
Comment 9 Maintenance Automation 2024-04-08 12:30:19 UTC 
SUSE-SU-2024:1152-1: An update that solves two vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1221332, 1221334
CVE References: CVE-2023-28746, CVE-2024-2193
Maintenance Incident: [SUSE:Maintenance:33137](https://smelt.suse.de/incident/33137/)
Sources used:
SUSE Linux Enterprise Micro 5.1 (src):
 xen-4.14.6_12-150300.3.69.1
SUSE Linux Enterprise Micro 5.2 (src):
 xen-4.14.6_12-150300.3.69.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 xen-4.14.6_12-150300.3.69.1
openSUSE Leap 15.3 (src):
 xen-4.14.6_12-150300.3.69.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2024-04-08 12:31:24 UTC 
SUSE-SU-2024:1102-1: An update that solves three vulnerabilities and has one security fix can now be installed.

Category: security (moderate)
Bug References: 1027519, 1219885, 1221332, 1221334
CVE References: CVE-2023-28746, CVE-2023-46841, CVE-2024-2193
Maintenance Incident: [SUSE:Maintenance:33142](https://smelt.suse.de/incident/33142/)
Sources used:
openSUSE Leap 15.5 (src):
 xen-4.17.3_08-150500.3.27.1
SUSE Linux Enterprise Micro 5.5 (src):
 xen-4.17.3_08-150500.3.27.1
Basesystem Module 15-SP5 (src):
 xen-4.17.3_08-150500.3.27.1
Server Applications Module 15-SP5 (src):
 xen-4.17.3_08-150500.3.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Maintenance Automation 2024-04-08 12:31:27 UTC 
SUSE-SU-2024:1101-1: An update that solves two vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1221332, 1221334
CVE References: CVE-2023-28746, CVE-2024-2193
Maintenance Incident: [SUSE:Maintenance:33136](https://smelt.suse.de/incident/33136/)
Sources used:
openSUSE Leap 15.4 (src):
 xen-4.16.5_14-150400.4.52.1
openSUSE Leap Micro 5.3 (src):
 xen-4.16.5_14-150400.4.52.1
openSUSE Leap Micro 5.4 (src):
 xen-4.16.5_14-150400.4.52.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 xen-4.16.5_14-150400.4.52.1
SUSE Linux Enterprise Micro 5.3 (src):
 xen-4.16.5_14-150400.4.52.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src):
 xen-4.16.5_14-150400.4.52.1
SUSE Linux Enterprise Micro 5.4 (src):
 xen-4.16.5_14-150400.4.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Charles Arnold 2024-04-11 20:12:22 UTC 
This has been released to all relevant distros.
Comment 18 Maintenance Automation 2024-07-16 16:30:09 UTC 
SUSE-SU-2024:2535-1: An update that solves six vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1214083, 1221332, 1221334, 1221984, 1222302, 1222453, 1227355
CVE References: CVE-2023-28746, CVE-2023-46842, CVE-2024-2193, CVE-2024-2201, CVE-2024-31142, CVE-2024-31143
Maintenance Incident: [SUSE:Maintenance:33138](https://smelt.suse.de/incident/33138/)
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 xen-4.13.5_12-150200.3.93.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 xen-4.13.5_12-150200.3.93.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 xen-4.13.5_12-150200.3.93.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.