[qubes-devel] Update for QSB-101: Register File Data Sampling (XSA-452) and Intel Processor Return Predictions Advisory (INTEL-SA-00982)

2024-03-25 Thread Andrew David Wong 
Dear Qubes Community,

*Update*: Marek Marczykowski-Górecki’s PGP signature is now available (see 
below).

We have updated [Qubes Security Bulletin (QSB) 101: Register File Data Sampling 
(XSA-452) and Intel Processor Return Predictions Advisory 
(INTEL-SA-00982)](https://github.com/QubesOS/qubes-secpack/blob/345734de68d6994d99f461f26e63a09043d4c09c/QSBs/qsb-101-2024.txt).
 The text of this updated QSB (including a changelog) and its accompanying 
cryptographic signatures are reproduced below, followed by a general 
explanation of this announcement and authentication instructions.

## Qubes Security Bulletin 101

```

 ---===[ Qubes Security Bulletin 101 ]===---

  2024-03-12

  Register File Data Sampling (XSA-452) and
 Intel Processor Return Predictions Advisory (INTEL-SA-00982)

Changelog
--

2024-03-12: Original QSB
2024-03-17: Add information about INTEL-SA-00982

User action


Continue to update normally [1] in order to receive the security updates
described in the "Patching" section below. No other user action is
required in response to this QSB.

Summary


On 2024-03-12, the Xen Project published XSA-452, "x86: Register File
Data Sampling" [3]:

| Intel have disclosed RFDS, Register File Data Sampling, affecting some
| Atom cores.
|
| This came from internal validation work.  There is no information
| provided about how an attacker might go about inferring data from the
| register files.

For more information, see Intel's security advisory. [4]

In addition, Intel published INTEL-SA-00982/CVE-2023-38575 [6] on the
same day:

| Non-transparent sharing of return predictor targets between contexts
| in some Intel® Processors may allow an authorized user to potentially
| enable information disclosure via local access.

Information about this vulnerability is very sparse.

Impact
---

On systems affected by Register File Data Sampling (RFDS), an attacker
might be able to infer the contents of data previously held in floating
point, vector, and/or integer register files on the same core, including
data from a more privileged context.

On systems affected by INTEL-SA-00982, an attacker might be able to leak
information from other security contexts, but the precise impact is
unclear.

Affected systems
-

At present, Register File Data Sampling (RFDS) is known to affect only
certain Atom cores from Intel. Other Intel CPUs and CPUs from other
hardware vendors are not known to be affected. RFDS affects Atom cores
between the Goldmont and Gracemont microarchitectures. This includes
Alder Lake and Raptor Lake hybrid client systems that have a mix of
Gracemont and other types of cores.

At the time of this writing, Intel has not published information about
which systems INTEL-SA-00982 affects. Systems that are still receiving
microcode updates from Intel [7] and that received a microcode update as
part of the microcode release on 2024-03-12 [5] may be affected, even if
they are not affected by RFDS.

Patching
-

The following packages contain security updates that address the
vulnerabilities described in this bulletin:

  For Qubes 4.1, in dom0:
  - Xen packages version 4.14.6-7
  - microcode_ctl 2.1-57.qubes1

  For Qubes 4.2, in dom0:
  - Xen packages version 4.17.3-4
  - microcode_ctl 2.1-57.qubes1

These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [2] Once available, the packages are to be installed
via the Qubes Update tool or its command-line equivalents. [1]

Dom0 must be restarted afterward in order for the updates to take
effect.

If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new
Xen binaries.

Credits


See the original Xen Security Advisory.

References
---

[1] https://www.qubes-os.org/doc/how-to-update/
[2] https://www.qubes-os.org/doc/testing/
[3] https://xenbits.xen.org/xsa/advisory-452.html
[4] 
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
[5] 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/releasenote.md#microcode-20240312
[6] 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
[7] 
https://www.intel.com/content/www/us/en/support/articles/22396/processors.html

--
The Qubes Security Team
https://www.qubes-os.org/security/

```

*Source*: 


## [Marek 
Marczykowski-Górecki](https://www.qubes-os.org/team/#marek-marczykowski-górecki)'s
 PGP signature

```
-BEGIN PGP SIGNATURE-

iQIzBAABCAAdFiEELRdx/k12ftx2sIn61lWk8hgw4GoFAmYAyxAACgkQ1lWk8hgw

[qubes-devel] Update for QSB-101: Register File Data Sampling (XSA-452) and Intel Processor Return Predictions Advisory (INTEL-SA-00982)

2024-03-18 Thread Andrew David Wong 
Dear Qubes Community,

We have updated [Qubes Security Bulletin (QSB) 101: Register File Data Sampling 
(XSA-452) and Intel Processor Return Predictions Advisory 
(INTEL-SA-00982)](https://github.com/QubesOS/qubes-secpack/blob/c5693c8a4b81b3afb7cd7e6e44db3bbc36987049/QSBs/qsb-101-2024.txt).
 The text of this updated QSB (including a changelog) and its accompanying 
cryptographic signature are reproduced below, followed by a general explanation 
of this announcement and authentication instructions.

## Qubes Security Bulletin 101

```

 ---===[ Qubes Security Bulletin 101 ]===---

  2024-03-12

  Register File Data Sampling (XSA-452) and
 Intel Processor Return Predictions Advisory (INTEL-SA-00982)

Changelog
--

2024-03-12: Original QSB
2024-03-17: Add information about INTEL-SA-00982

User action


Continue to update normally [1] in order to receive the security updates
described in the "Patching" section below. No other user action is
required in response to this QSB.

Summary


On 2024-03-12, the Xen Project published XSA-452, "x86: Register File
Data Sampling" [3]:

| Intel have disclosed RFDS, Register File Data Sampling, affecting some
| Atom cores.
|
| This came from internal validation work.  There is no information
| provided about how an attacker might go about inferring data from the
| register files.

For more information, see Intel's security advisory. [4]

In addition, Intel published INTEL-SA-00982/CVE-2023-38575 [6] on the
same day:

| Non-transparent sharing of return predictor targets between contexts
| in some Intel® Processors may allow an authorized user to potentially
| enable information disclosure via local access.

Information about this vulnerability is very sparse.

Impact
---

On systems affected by Register File Data Sampling (RFDS), an attacker
might be able to infer the contents of data previously held in floating
point, vector, and/or integer register files on the same core, including
data from a more privileged context.

On systems affected by INTEL-SA-00982, an attacker might be able to leak
information from other security contexts, but the precise impact is
unclear.

Affected systems
-

At present, Register File Data Sampling (RFDS) is known to affect only
certain Atom cores from Intel. Other Intel CPUs and CPUs from other
hardware vendors are not known to be affected. RFDS affects Atom cores
between the Goldmont and Gracemont microarchitectures. This includes
Alder Lake and Raptor Lake hybrid client systems that have a mix of
Gracemont and other types of cores.

At the time of this writing, Intel has not published information about
which systems INTEL-SA-00982 affects. Systems that are still receiving
microcode updates from Intel [7] and that received a microcode update as
part of the microcode release on 2024-03-12 [5] may be affected, even if
they are not affected by RFDS.

Patching
-

The following packages contain security updates that address the
vulnerabilities described in this bulletin:

  For Qubes 4.1, in dom0:
  - Xen packages version 4.14.6-7
  - microcode_ctl 2.1-57.qubes1

  For Qubes 4.2, in dom0:
  - Xen packages version 4.17.3-4
  - microcode_ctl 2.1-57.qubes1

These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [2] Once available, the packages are to be installed
via the Qubes Update tool or its command-line equivalents. [1]

Dom0 must be restarted afterward in order for the updates to take
effect.

If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new
Xen binaries.

Credits


See the original Xen Security Advisory.

References
---

[1] https://www.qubes-os.org/doc/how-to-update/
[2] https://www.qubes-os.org/doc/testing/
[3] https://xenbits.xen.org/xsa/advisory-452.html
[4] 
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
[5] 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/releasenote.md#microcode-20240312
[6] 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
[7] 
https://www.intel.com/content/www/us/en/support/articles/22396/processors.html

--
The Qubes Security Team
https://www.qubes-os.org/security/

```

*Source*: 


## [Marek 
Marczykowski-Górecki](https://www.qubes-os.org/team/#marek-marczykowski-górecki)'s
 PGP signature

At the time of this writing, Marek is traveling and is therefore not available 
to sign this QSB update. He will sign it when he returns. In the meantime, you 
can still authenticate his [original