[email protected]:
> Is Qubes affected by the SWAPGS attack?

From the Bitdefender "white paper" [1] (They reported this vuln.):

"A quick analysis of the Hyper-V kernel and of the Xen hypervisor kernel
revealed that the SWAPGS instruction is not used, so exploitation is
impossible."

[1]: https://businessresources.bitdefender.com/hubfs/noindex/Bitdefender-WhitePaper-SWAPGS.pdf

> I haven’t found a statement or Security Advisory from Xen. But it
> seems Xen still hasn’t even fixed the original Spectre v1 yet: 
> https://xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/
> At the time of original Spectre, v1 was deemed very hard to exploit on
> Xen, but new variants of v1 like v1.1 and SWAPGS may invalidate that
> hypothesis.

For Spectre variant 1 my understanding is that they are not aware of an
exploitable code path in Xen. But they are working on hardening. For
example grep the commit log for array_index_nospec or see [2] for an
arbitrary example where they discuss this during review.

In the long run I hope there will be some compiler assisted technique
instead of manual review, which likely misses cases. But something like
this is not in place currently. See [3] for a description of the
non-public gcc plugin from grsecurity which implements this approach.

[2]: https://lists.xenproject.org/archives/html/xen-devel/2018-07/msg00982.html
[3]: https://grsecurity.net/respectre_announce.php

Simon

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/06688f5c-e93d-3089-bbd5-33f9f8d7c336%40invisiblethingslab.com.

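What the array_index_nospec hardening mentioned in the message does, as an added example that is not part of the original email and not Xen's code: the branchless mask is modeled on the generic C fallback in Linux's include/linux/nospec.h. The names `table`, `lookup_plain` and `lookup_nospec` are hypothetical, and the arithmetic right shift and inline asm assume GCC or Clang.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define TABLE_SIZE 8UL

/* Constructed sample data for the example. */
static const unsigned char table[TABLE_SIZE] = {10, 11, 12, 13, 14, 15, 16, 17};

/* All-ones when index < size, zero otherwise, computed without a branch.
 * Valid for size <= LONG_MAX; relies on arithmetic right shift of a
 * negative long (GCC/Clang behaviour, an assumption of this example). */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Hide index from the optimizer so the mask is not folded away on the
     * grounds that the bounds check already "proved" index < size. */
    __asm__ volatile("" : "+r"(index));
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Unhardened: architecturally correct, but if the branch is mispredicted
 * the load may execute speculatively with an out-of-range idx. */
static int lookup_plain(unsigned long idx, unsigned char *out)
{
    if (idx >= TABLE_SIZE)
        return -1;
    *out = table[idx];
    return 0;
}

/* Hardened: idx is clamped through a data dependency, so even a
 * mis-speculated load can only touch table[0]. */
static int lookup_nospec(unsigned long idx, unsigned char *out)
{
    if (idx >= TABLE_SIZE)
        return -1;
    idx &= index_mask_nospec(idx, TABLE_SIZE);
    *out = table[idx];
    return 0;
}

int main(void)
{
    for (unsigned long i = 6; i < 10; i++) {
        unsigned char a = 0, b = 0;
        int ra = lookup_plain(i, &a), rb = lookup_nospec(i, &b);
        printf("idx=%lu mask=%#lx plain=%d/%u nospec=%d/%u\n", i,
               index_mask_nospec(i, TABLE_SIZE), ra, (unsigned)a, rb, (unsigned)b);
    }
    return 0;
}
```

Both lookups return the same architectural results; the difference is only in what a mispredicted bounds check can load.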