spectre-meltdown-checker reports CVE-2018-3639 aka 'Variant 4, speculative store bypass' #9432

Open
adrelanos opened this issue Aug 25, 2024 · 1 comment
Labels
- affects-4.2: This issue affects Qubes OS 4.2.
- C: kernel
- needs diagnosis: Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed.
- P: default: Priority: default. Default priority for new issues, to be replaced given sufficient information.
- security: This issue pertains to the security of Qubes OS.
- T: bug: Type: bug report. A problem or defect resulting in unintended behavior in something that exists.

Comments

@adrelanos
Member

Qubes OS release

4.2.2

Brief summary

CVE-2018-3639 aka 'Variant 4, speculative store bypass' is being reported by spectre-meltdown-checker (#4262) with Qubes dom0 default kernel boot parameters settings (GRUB configuration).

Steps to reproduce

In dom0.

sudo qubes-dom0-update spectre-meltdown-checker
sudo spectre-meltdown-checker --paranoid

Expected behavior

No such notification about vulnerability.

Actual behavior

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface:  NO  (Vulnerable)
* Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
* SSB mitigation is enabled and active:  NO 
> STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)

Suggested solution

Set kernel parameter spec_store_bypass_disable=on. This is how security-misc (#1885) is doing this.

file /etc/default/grub.d/40_cpu_mitigations.cfg:

GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_store_bypass_disable=on"

@adrelanos adrelanos added P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists. labels Aug 25, 2024
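
The three data points in the checker output above (the /sys interface, /proc/self/status, and the boot parameter) can be read directly. This is an added example, not part of the original issue or of the Qubes or spectre-meltdown-checker code; the function names and the root-prefix argument are assumptions made for illustration, and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the issue): read the SSB (CVE-2018-3639) state that
# the checker output refers to. Each function takes an optional root prefix
# (an assumption of this example) so it can read constructed sample files.

ssb_sysfs() {    # kernel's own verdict from the /sys interface
    cat "${1:-}/sys/devices/system/cpu/vulnerabilities/spec_store_bypass" 2>/dev/null ||
        echo "unknown"
}

ssb_task() {     # per-task state from /proc/self/status
    v=$(sed -n 's/^Speculation_Store_Bypass:[[:space:]]*//p' \
        "${1:-}/proc/self/status" 2>/dev/null) || v=
    echo "${v:-unknown}"
}

ssb_cmdline() {  # value of spec_store_bypass_disable= (the last one if repeated)
    v=$(cat "${1:-}/proc/cmdline" 2>/dev/null | tr ' ' '\n' |
        sed -n 's/^spec_store_bypass_disable=//p' | tail -n 1) || v=
    echo "${v:-unset}"
}

ssb_verdict() {  # classify the sysfs string
    case "$(ssb_sysfs "$1")" in
        "Not affected")      echo not-affected ;;
        Mitigation:*prctl*)  echo per-task-only ;;
        Mitigation:*)        echo mitigated ;;
        Vulnerable*)         echo vulnerable ;;
        *)                   echo unknown ;;
    esac
}

ssb_sample_root() {  # constructed sample files, modelled on the report above
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sys/devices/system/cpu/vulnerabilities" "$d/proc/self"
    echo "Vulnerable" > "$d/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"
    printf 'Name:\tsh\nSpeculation_Store_Bypass:\tvulnerable\n' > "$d/proc/self/status"
    echo "root=/dev/mapper/sample ro quiet" > "$d/proc/cmdline"
    echo "$d"
}

ssb_report() {
    printf 'sysfs:   %s\ntask:    %s\nboot:    spec_store_bypass_disable=%s\nverdict: %s\n' \
        "$(ssb_sysfs "$1")" "$(ssb_task "$1")" "$(ssb_cmdline "$1")" "$(ssb_verdict "$1")"
}

ssb_report "${SSB_ROOT:-}"   # empty prefix reads the live system
```

The boot parameter only records what was requested; the sysfs line is what shows whether the kernel actually applied a mitigation after a reboot.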
@rustybird

QSB-40 says:

We concur with the analysis in XSA-263 that this vulnerability presents minimal risk to Xen itself and minimal risk of inter-guest attacks. Therefore, we believe that proper compartmentalization is sufficient for Qubes users to mitigate this issue without having to enable SSBD globally.

@andrewdavidwong andrewdavidwong changed the title from "spectre-meltdown-checker reports CVE-2018-3639 aka 'Variant 4, speculative store bypass' / set kernel parameter spec_store_bypass_disable=on by default" to "spectre-meltdown-checker reports CVE-2018-3639 aka 'Variant 4, speculative store bypass'" Aug 26, 2024
@andrewdavidwong andrewdavidwong added C: kernel security This issue pertains to the security of Qubes OS. needs diagnosis Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed. affects-4.2 This issue affects Qubes OS 4.2. labels Aug 26, 2024