Dear Qubes Community,
We have updated Qubes Security Bulletin (QSB) #40: Information leaks due to processor speculative store bypass (XSA-263). The text of the main changes are reproduced below. For the full text, please see the complete QSB in the qubes-secpack:
View QSB #40 in the qubes-secpack:
Learn about the qubes-secpack, including how to obtain, verify, and read it:
View all past QSBs:
View XSA-263 in the XSA Tracker:
Changelog ========== 2018-05-24: Original QSB published 2018-06-11: Updated and clarified Patching section Patching ========= The mitigation for this issue is called called "Speculative Store Bypass Disable" (SSBD). For Intel processors, SSBD requires both a software update and a CPU microcode update. For AMD processors, a software update alone is sufficient; no microcode update is necessary. The packages described below provide the necessary software updates for SSBD. On 2018-05-23, Intel Corporation announced that microcode updates would be available soon : | Variant 3a is mitigated in the same processor microcode updates as | Variant 4, and Intel has released these updates in beta form to OEM | system manufacturers and system software vendors. They are being | readied for production release, and will be delivered to consumers | and IT Professionals in the coming weeks. However, as of 2018-06-11, we are not aware of any available microcode updates that address this issue for Intel processors. This bulletin will be updated once the Intel microcode updates are available. There are several important things to note about SSBD: 1. On both Intel and AMD processors, SSBD is globally disabled by default. If the user wishes to enable SSBD globally, the user must do so manually with the Xen boot option `spec-ctrl=ssbd=true`. However, enabling this option carries a performance penalty. 2. We concur with the analysis in XSA-263 that this vulnerability presents minimal risk to Xen itself and minimal risk of inter-guest attacks. Therefore, we believe that proper compartmentalization is sufficient for Qubes users to mitigate this issue without having to enable SSBD globally. 3. For Intel (but not AMD) processors, SSBD can be enabled locally by Xen guests without the user having to manually enable it globally. 4. For AMD (but not Intel) processors, SSBD cannot be enabled locally by Xen guests. The user must manually enable it globally for it to have any effect at all. 5. The guest kernel determines whether SSBD is automatically enabled for guests on systems with Intel processors. As of 2018-06-11, the kernels we currently offer in our repositories do not enable SSBD.