Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:Update
xen
xsa370.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa370.patch of Package xen
Subject: SUPPORT.md: Document speculative attacks status of non-shim 32-bit PV From: Ian Jackson ian.jackson@eu.citrix.com Tue Mar 9 15:00:47 2021 +0000 Date: Tue May 4 15:00:24 2021 +0200: Git: b1e46bc369bb490b721c77f15d2583bbf466152d This documents, but does not fix, XSA-370. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Signed-off-by: George Dunlap <george.dunlap@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> --- a/docs/features/feature-levelling.pandoc +++ b/docs/features/feature-levelling.pandoc @@ -79,6 +79,19 @@ on all `CPUID` instructions, allowing Xe The `CPUID` instruction is unprivileged, so executing it in a PV guest will not trap, leaving Xen no direct ability to control the information returned. +Traditional Xen PV guest + + * Status, x86_64: Supported + * Status, x86_32, shim: Supported + * Status, x86_32, without shim: Supported, with caveats + +Due to architectural limitations, +32-bit PV guests must be assumed to be able to read arbitrary host memory +using speculative execution attacks. +Advisories will continue to be issued +for new vulnerabilities related to un-shimmed 32-bit PV guests +enabling denial-of-service attacks or privilege escalation attacks. + ### Xen Forced Emulation Prefix Xen-aware PV software can make use of the 'Forced Emulation Prefix'
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor