
[Xen-devel] Note concerning CVE-2020-0550 Snoop-assisted L1D sampling



Snoop-assisted L1D Sampling is a speculative side channel where an
attacker can read the contents of a dirty cache line when the cache line
is read by another CPU.

For the exact cycle where a Snoop Response is being constructed for a
dirty cache line, a faulting/assisting load may be forwarded data from
the cache line.

See
https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
for further details.

There are no planned mitigations, owing to the complexity of obtaining
data in the first place, and the implausible scenario an attacker would
have to be in to exploit this.

Note: This issue should not be confused with previously disclosed
CVE-2020-0449 L1D Eviction Sampling.

~Andrew,
On behalf of the Xen Security Team
