Bug 2049531 (CVE-2021-0145) - CVE-2021-0145 microcode: Fast store forward predictor - Cross Domain Training
Summary: CVE-2021-0145 microcode: Fast store forward predictor - Cross Domain Training
Keywords:
Status: NEW
Alias: CVE-2021-0145
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2049544 2049545 2049546 2049547 2049548 2049549 2049550 2049551 2049552 2049553 2049554
Blocks: 2049526
TreeView+ depends on / blocked
 
Reported: 2022-02-02 11:47 UTC by Petr Matousek
Modified: 2023-07-07 08:33 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in microcode. Fast store forwarding prediction in one domain could be controlled by software previously executed in another domain. Such control helps a malicious program running in user mode (or guest VM) to trigger transient execution gadgets in supervisor mode (or VMM), potentially leading to sensitive data disclosure. Fast store forward prediction is not enabled when SSBD is set. This flaw allows an authenticated user with local access to perform information disclosure via transient execution.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Petr Matousek 2022-02-02 11:47:35 UTC 
Fast store forwarding prediction in one domain could be controlled by software previously executed in another domain. Such control could help a malicious program running in user mode (or guest VM)  to trigger transient execution gadgets in supervisor mode (or VMM), potentially leading to sensitive data disclosure. Fast store forward prediction is not enabled when SSBD is set. An authenticated user with local access may be able to perform information disclosure via transient execution.
Note You need to log in before you can comment on or make changes to this bug.