We have just published Qubes Security Bulletin (QSB) 069: Multiple Xen and Intel issues. The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack).

View QSB-069 in the qubes-secpack:


Learn about the qubes-secpack, including how to obtain, verify, and read it:


View all past QSBs:


             ---===[ Qubes Security Bulletin 069 ]===---


                    Multiple Xen and Intel issues
        (XSA-373, XSA-374, XSA-375, XSA-377, INTEL-SA-00442)

User action required

Users must install the following specific packages in order to address
the issues discussed in this bulletin:

  For Qubes 4.0, in dom0:
  - Xen packages, version 4.8.5-34
  - Linux kernel packages, versions 5.12.9-1 (for users of the "latest"
    kernel flavor)
  - microcode_ctl package, version 2.1-33.qubes1 (for Intel CPU users)

  For Qubes 4.1, in dom0:
  - Xen packages, version 4.14.1-5
  - Linux kernel packages, versions 5.10.42-1, 5.12.9-1 (for users of
    the "latest" kernel flavor)
  - microcode_ctl package, version 2.1-33.qubes1 (for Intel CPU users)

These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [1] Once available, the packages are to be installed
via the Qubes Update Tool or its command-line equivalents. [2]

Dom0 must be restarted afterward in order for the updates to take

If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new
Xen binaries.


The following security advisories were published on 2021-06-08:

XSA-373 [3] "Inappropriate x86 IOMMU timeout detection / handling":

| IOMMUs process commands issued to them in parallel with the operation
| of the CPU(s) issuing such commands.  In the current implementation in
| Xen, asynchronous notification of the completion of such commands is
| not used.  Instead, the issuing CPU spin-waits for the completion of
| the most recently issued command(s).  Some of these waiting loops try
| to apply a timeout to fail overly-slow commands.  The course of action
| upon a perceived timeout actually being detected is inappropriate:
|  - on Intel hardware guests which did not originally cause the timeout
|    may be marked as crashed,
|  - on AMD hardware higher layer callers would not be notified of the
|    issue, making them continue as if the IOMMU operation succeeded.

XSA-374 [4] "Guest triggered use-after-free in Linux xen-netback":

| A malicious or buggy network PV frontend can force Linux netback to
| disable the interface and terminate the receive kernel thread
| associated with queue 0 in response to the frontend sending a
| malformed packet.
| Such kernel thread termination will lead to a use-after-free in Linux
| netback when the backend is destroyed, as the kernel thread associated
| with queue 0 will have already exited and thus the call to
| kthread_stop will be performed against a stale pointer.

XSA-375 [5] "Speculative Code Store Bypass":

| Modern superscalar processors may employ sophisticated decoding and
| caching of the instruction stream to improve performance.  However, a
| consequence is that self-modifying code updates may not take effect
| instantly.
| Whatever the architectural guarantees, some CPUs have
| microarchitectural behaviour whereby the stale instruction stream may
| be speculatively decoded and executed.
| Speculation of this form can suffer from type confusion in registers,
| and potentially leak data.

XSA-377 [6] "x86: TSX Async Abort protections not restored after S3":

| This issue relates to the TSX Async Abort speculative security
| vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html
| for details.
| Mitigating TAA by disabling TSX (the default and preferred option)
| requires selecting a non-default setting in MSR_TSX_CTRL.  This
| setting isn't restored after S3 suspend.

INTEL-SA-00442 [7] "IntelĀ® VT-d Advisory":

| A potential security vulnerability in some IntelĀ® Virtualization
| Technology for Directed I/0 (VT-d) products may allow escalation of
| privilege. Intel is releasing firmware updates to mitigate this
| potential vulnerability.



As the Xen Security Team explains, "A malicious guest may be able to
elevate its privileges to that of the host, cause host or guest Denial
of Service (DoS), or cause information leaks." Only a guest with a PCI
device can leverage this vulnerability, such as `sys-net` or `sys-usb`
in a default Qubes OS configuration.


A malicious or buggy VM can trigger its network-providing VM to crash.
In a typical installation, the affected network-providing VM would be
`sys-firewall` or `sys-whonix`. Privilege escalation (to the
network-providing VM) and information leaks cannot be ruled out.

The issue affects only Linux kernel version 5.5 and newer. By default,
Qubes OS R4.0 uses Linux 5.4.x and is therefore not affected. However,
if the user has manually installed a newer, affected kernel version
(e.g., using the `kernel-latest-qubes-vm` package), then that
installation is affected.


As explained by the Xen Security Team, "An attacker might be able to
infer the contents of arbitrary host memory, including memory assigned
to other guests."


The impact is the same as XSA-305, which we explained in QSB-053 [8]:

| An attacker, which could include a malicious untrusted user process on
| a trusted guest, or an untrusted guest, can sample the content of
| recently-used memory operands and IO Port writes.
| This can include data from:
|  * A previously executing context (process, or guest, or
|    hypervisor/toolstack) at the same privilege level.
|  * A higher privilege context (kernel, hypervisor, SMM) which
|    interrupted the attacker's execution.
| Vulnerable data is that on the same physical core as the attacker.
| This includes, when hyper-threading is enabled, adjacent threads.
| An attacker cannot use this vulnerability to target specific data.
| An attack would likely require sampling over a period of time and the
| application of statistical methods to reconstruct interesting data.


As explained by Intel, "Incomplete cleanup in some Intel(R) VT-d
products may allow an authenticated user to potentially enable
escalation of privilege via local access."

Only Intel CPUs are affected.


See the original Security Advisories.


[1] https://www.qubes-os.org/doc/testing/
[2] https://www.qubes-os.org/doc/updating-qubes-os/
[3] https://xenbits.xen.org/xsa/advisory-373.html
[4] https://xenbits.xen.org/xsa/advisory-374.html
[5] https://xenbits.xen.org/xsa/advisory-375.html
[6] https://xenbits.xen.org/xsa/advisory-377.html
[7] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
[8] https://www.qubes-os.org/news/2019/11/13/qsb-053/

The Qubes Security Team