xen: Special Register Buffer speculative side channel (CVE-2020-0543, XSA-320)
Certain processor operations microarchitecturally need to read data from outside the physical core (e.g. to communicate with the random number generator). In some implementations, this operation is called a Special Register Read.
In some implementations, data are staged in a single shared buffer, and a full cache line at a time is returned to the core which made the Special Register Read. On parts vulnerable to MFBDS or TAA, an attacker may be able to access stale data requested by other cores in the system.
Systems running all versions of Xen are affected.
Reference:
http://xenbits.xen.org/xsa/advisory-320.html
Affected branches:
-
master (b180bcb2) -
3.12-stable -
3.11-stable -
3.10-stable -
3.9-stable