[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [oss-security] Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions

To: oss-security@xxxxxxxxxxxxxxxxxx
From: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
Date: Tue, 12 Jul 2022 21:27:07 +0200
Cc: xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxx, "Xen.org security team" <security-team-members@xxxxxxx>
Delivery-date: Tue, 12 Jul 2022 19:27:12 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi,

On Tue, Jul 12, 2022 at 04:36:10PM +0000, Xen.org security team wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
>  Xen Security Advisory CVE-2022-23816,CVE-2022-23825,CVE-2022-29900 / XSA-407
> 
>    Retbleed - arbitrary speculative code execution with return instructions
> 
> ISSUE DESCRIPTION
> =================
> 
> Researchers at ETH Zurich have discovered Retbleed, allowing for
> arbitrary speculative execution in a victim context.
> 
> For more details, see:
>   https://comsec.ethz.ch/retbleed
> 
> ETH Zurich have allocated CVE-2022-29900 for AMD and CVE-2022-29901 for
> Intel.
> 
> Despite the similar preconditions, these are very different
> microarchitectural behaviours between vendors.
> 
> On AMD CPUs, Retbleed is one specific instance of a more general
> microarchitectural behaviour called Branch Type Confusion.  AMD have
> assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type
> Confusion).
> 
> For more details, see:
>   https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

Is it confirmed that AMD is not using CVE-2022-29900? The above
amd-sb-1037 references as well both CVE-2022-23825 (Branch Type
Confusion) and CVE-2022-29900 (RETbleed), so I assume they agreed to
use CVE-2022-29900 for retbleed?

So should the Xen advisory as well use CVE-2022-23825,CVE-2022-29900
and CVE-2022-29901?

Regards,
Salvatore

Follow-Ups:
- Re: [oss-security] Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
  - From: Salvatore Bonaccorso

References:
- Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
  - From: Xen . org security team

Prev by Date: Re: [PATCH] x86/PAT: Report PAT on CPUs that support PAT without MTRR
Next by Date: Re: Build warnings in Xen 5.15.y and 5.10.y with retbleed backports
Previous by thread: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
Next by thread: Re: [oss-security] Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.