ISSUE DESCRIPTION ================= Data can remain readable in DRAM across soft and even hard reboots. To ensure that sensitive data is not leaked from one domain to another after a reboot, Xen must "scrub" all memory on boot (write it with zeroes). Unfortunately, it was discovered that when memory was in disjoint blocks, or when the first block didn't begin at physical address 0, arithmetic errors meant that some memory was not scrubbed. IMPACT ====== Sensitive information from one domain before a reboot might be visible to another domain after a reboot. VULNERABLE SYSTEMS ================== Only ARM systems are vulnerable. All versions of Xen since 4.5 are vulnerable. Only hardware with disjoint blocks, or physical addresses not starting at 0 are vulnerable; this includes the majority of ARM systems. MITIGATION ========== None. External References: http://xenbits.xen.org/xsa/advisory-245.html
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1499843]
Acknowledgments: Name: the Xen project