The Transaction Asynchronous Abort (TAA) h/w issue, which affects Intel CPUs, is mitigated in two ways. One is by disabling the Transactional Synchronisation Extensions (TSX) feature of the CPU. The second is by clearing the affected Store/Fill/Load port architectural buffers, which may hold sensitive information bits.

It was found that the current kernel fixes don't completely fix the TAA issue for guest VMs. When a guest is running on a host CPU affected by the TAA flaw (i.e. TAA_NO=0) but not affected by the MDS issue (i.e. MDS_NO=1), to mitigate the TAA issue, the guest was to clear the affected buffers by using the VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guest did not quite use the VERW mechanism to clear the affected buffers.

This issue affects guests running on Cascade Lake CPUs, which are affected by the TAA (i.e. TAA_NO=0) issue, but are not affected by the MDS (i.e. MDS_NO=1) issue. It requires that the host has 'TSX' enabled.

Upstream patches:
-----------------
  -> https://git.kernel.org/linus/cbbaa2727aa3ae9e0a844803da7cef7fd3b94f2b
  -> https://git.kernel.org/linus/c11f83e0626bdc2b6c550fc8b9b6eeefbd8cefaa
  -> https://git.kernel.org/linus/b07a5c53d42a8c87b208614129e947dd2338ff9c

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/12/10/3
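A triage helper for the configuration the description above names (TAA-affected, not MDS-affected, TSX enabled), as an added example that is not part of the original bug report or the kernel patches. It assumes Linux `/proc/cpuinfo` text (`flags` and `bugs` lines) and the contents of `/sys/devices/system/cpu/vulnerabilities/tsx_async_abort` as inputs; `triage_taa` and the sample text are constructed for illustration.

```python
import re

def _tokens(cpuinfo: str, name: str) -> set:
    """Tokens of the first '<name> : ...' line of /proc/cpuinfo text."""
    m = re.search(rf"^{name}[ \t]*:[ \t]*(.*)$", cpuinfo, re.MULTILINE)
    return set(m.group(1).split()) if m else set()

def triage_taa(cpuinfo: str, taa_status: str) -> dict:
    """Classify a (guest) system against the configuration in the advisory.

    cpuinfo    -- text of /proc/cpuinfo
    taa_status -- text of .../vulnerabilities/tsx_async_abort
    """
    flags, bugs = _tokens(cpuinfo, "flags"), _tokens(cpuinfo, "bugs")
    taa = "taa" in bugs          # kernel sees TAA_NO=0 on a TSX-capable CPU
    mds = "mds" in bugs          # absent when MDS_NO=1 is exposed
    rtm = "rtm" in flags         # TSX (RTM) is visible, i.e. enabled
    status = taa_status.strip()
    mitigated = status.startswith("Mitigation:")
    return {
        # The exact combination described: TAA yes, MDS no, TSX on.
        "advisory_config": taa and not mds and rtm,
        "kernel_reports_mitigation": mitigated,
        # TAA exposure with TSX usable and no mitigation reported.
        "needs_attention": taa and rtm and not mitigated,
        "status": status,
    }

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CASCADE_LAKE_GUEST = (
    "processor\t: 0\n"
    "flags\t\t: fpu vme sse2 hle rtm md_clear arch_capabilities\n"
    "bugs\t\t: spectre_v1 spectre_v2 spec_store_bypass taa\n"
)
SAMPLE_MDS_AFFECTED = (
    "processor\t: 0\n"
    "flags\t\t: fpu vme sse2 hle rtm md_clear\n"
    "bugs\t\t: spectre_v1 spectre_v2 mds taa\n"
)
SAMPLE_TSX_OFF = (
    "processor\t: 0\n"
    "flags\t\t: fpu vme sse2 md_clear arch_capabilities\n"
    "bugs\t\t: spectre_v1 spectre_v2 taa\n"
)

if __name__ == "__main__":
    for name, info, st in [("cascade-lake guest", SAMPLE_CASCADE_LAKE_GUEST, "Vulnerable"),
                           ("tsx off", SAMPLE_TSX_OFF, "Mitigation: TSX disabled")]:
        print(name, triage_taa(info, st))
```

Run it inside the guest: the result reflects the CPU features and capability bits the hypervisor exposes to that guest, not the host's own view.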
Created kernel tracking bugs for this issue:
  Affects: fedora-all [bug 1781527]
External References:
  https://www.openwall.com/lists/oss-security/2019/12/10/3
  https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
Mitigation: Please refer to the Red Hat Knowledgebase Transactional Synchronization Extensions (TSX) Asynchronous Abort article (https://access.redhat.com/solutions/tsx-asynchronousabort) for mitigation instructions.
Statement: For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/tsx-asynchronousabort
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19338

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2020:0834 https://access.redhat.com/errata/RHSA-2020:0834

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2020:0839 https://access.redhat.com/errata/RHSA-2020:0839

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7.6 Extended Update Support
Via RHSA-2020:1465 https://access.redhat.com/errata/RHSA-2020:1465