Bug 2049531 (CVE-2021-0145)

Summary: CVE-2021-0145 microcode: Fast store forward predictor - Cross Domain Training
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: esyr, security-response-team, skozina
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in microcode. Fast store forwarding prediction in one domain could be controlled by software previously executed in another domain. Such control helps a malicious program running in user mode (or guest VM) to trigger transient execution gadgets in supervisor mode (or VMM), potentially leading to sensitive data disclosure. Fast store forward prediction is not enabled when SSBD is set. This flaw allows an authenticated user with local access to perform information disclosure via transient execution.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2049544, 2049545, 2049546, 2049547, 2049548, 2049549, 2049550, 2049551, 2049552, 2049553, 2049554    
Bug Blocks: 2049526    

Description Petr Matousek 2022-02-02 11:47:35 UTC
Fast store forwarding prediction in one domain could be controlled by software previously executed in another domain. Such control could help a malicious program running in user mode (or guest VM)  to trigger transient execution gadgets in supervisor mode (or VMM), potentially leading to sensitive data disclosure. Fast store forward prediction is not enabled when SSBD is set. An authenticated user with local access may be able to perform information disclosure via transient execution.