New Sidechannels for newish Intel - Are we affected?

TL;DR spectre kind bug that allows reading memory where not intended.

3 Likes

There has been no post on this yet on the Qubes website, but it does seem that Qubes is affected.

Xen posted an XSA a few days ago:
https://xenbits.xen.org/xsa/advisory-469.html

It requires updates to both Xen and Intel microcode. Both were pushed to the testing/security repository:

3 Likes

Its always kind of bad when hardware correctness depends on software patches being applied.
Microcode is such a weird kind of “updatable (as a noun)”

3 Likes

Per-VM memory encryption would be a good protection against all these side-channel stuff.

The question is how will they keys be protected (as they still need to be in RAM?).

2 Likes

The indirect target selection is for the “training solo” vulnerabilities, it’s not the same as the branch privilege injection vulnerability.

Two different vulnerabilities were found in Intel CPUs.

https://www.phoronix.com/news/Training-Solo-Vulnerability

https://www.phoronix.com/news/Branch-Privilege-Injection

2 Likes

I assumed the article was about the first one, my bad. There still hasn’t been a post from the Qubes team about the “training solo” one, so at least that part has been answered.

Apparently, the Intel microcode I linked covers the branch privilege injection, based on this post from the Xen mailing list:
https://lore.kernel.org/all/6ff1387d-6577-455d-8a1a-0dee04907b1c@citrix.com/

3 Likes

A new QSB is being finalized and will be published very soon. Hold tight.

2 Likes

Here it is:

4 Likes