QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

`spectre-meltdown-checker` reports `CVE-2018-3639 aka 'Variant 4, speculative store bypass'` #9432

Open adrelanos opened 2 months ago

adrelanos commented 2 months ago

Qubes OS release

4.2.2

Brief summary

CVE-2018-3639 aka 'Variant 4, speculative store bypass' is being reported by spectre-meltdown-checker (#4262) with Qubes dom0 default kernel boot parameter settings (GRUB configuration).

Steps to reproduce

In dom0.

sudo qubes-dom0-update spectre-meltdown-checker
sudo spectre-meltdown-checker --paranoid

Expected behavior

No such notification about vulnerability.

Actual behavior

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface:  NO  (Vulnerable)
* Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
* SSB mitigation is enabled and active:  NO 
> STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)

Suggested solution

Set kernel parameter spec_store_bypass_disable=on. This is how security-misc (#1885) is doing this.

file /etc/default/grub.d/40_cpu_mitigations.cfg:

GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_store_bypass_disable=on"
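As an added example (not part of this issue, of spectre-meltdown-checker or of security-misc), the script below reads the same three sources the checker output above draws on, the kernel's sysfs vulnerability file, the Speculation_Store_Bypass field in /proc/self/status and the boot command line, and combines them into a verdict a dom0 administrator can act on. It separates "mitigation forced for all tasks" (the state spec_store_bypass_disable=on produces) from "only tasks that opt in via prctl/seccomp are protected" and from "=on was requested but no SSBD is available to the kernel, so sysfs still says Vulnerable", which is the combination the checker reports here. The sysfs strings matched are the ones the Linux kernel prints for this bug; the parsing functions take their input as arguments so they can be checked against constructed strings, and only ssb_audit touches the live files.

```shell
#!/bin/sh
# Added example: report the Speculative Store Bypass (CVE-2018-3639) state the
# kernel itself exposes, and the boot-time setting behind it. Not part of the
# issue, of spectre-meltdown-checker or of security-misc.

# Classify the one-line text in /sys/devices/system/cpu/vulnerabilities/spec_store_bypass.
# The patterns are the strings the kernel prints for this bug; the "via prctl"
# pattern must come before the generic "disabled" one.
ssb_sys_class() {
    case "$1" in
        "Not affected"*)                                            echo not-affected ;;
        "Mitigation: Speculative Store Bypass disabled via prctl"*) echo mitigated-opt-in ;;
        "Mitigation: Speculative Store Bypass disabled"*)           echo mitigated-global ;;
        "Mitigation:"*)                                             echo mitigated-other ;;
        Vulnerable*)                                                echo vulnerable ;;
        *)                                                          echo unknown ;;
    esac
}

# Extract the Speculation_Store_Bypass value from /proc/<pid>/status text
# (e.g. "thread vulnerable", "thread force mitigated", "not vulnerable").
# Prints "absent" when the kernel does not expose the field at all.
ssb_proc_class() {
    printf '%s\n' "$1" | awk -F: '
        /^Speculation_Store_Bypass:/ { v = $2; sub(/^[ \t]+/, "", v); print v; found = 1 }
        END { if (!found) print "absent" }'
}

# Report the spec_store_bypass_disable= value on a kernel command line
# (on | off | auto | prctl | seccomp), or "unset" when it is absent.
# The last occurrence wins, matching how the kernel resolves repeated options.
ssb_cmdline_setting() {
    setting=unset
    for word in $1; do
        case "$word" in
            spec_store_bypass_disable=*) setting="${word#spec_store_bypass_disable=}" ;;
        esac
    done
    echo "$setting"
}

# Combine the sysfs text ($1) and the command line ($2) into one verdict:
#   forced        SSB disabled for every task (what spec_store_bypass_disable=on asks for)
#   opt-in        only tasks that request it via prctl/seccomp are protected
#   no-ssbd       =on was requested, but the kernel found no SSBD to use, so
#                 sysfs still reports Vulnerable (the state shown in this issue)
#   vulnerable    nothing requested and nothing active
#   mitigated / not-affected / unknown
ssb_verdict() {
    sysclass=$(ssb_sys_class "$1")
    setting=$(ssb_cmdline_setting "$2")
    case "$sysclass:$setting" in
        mitigated-global:*) echo forced ;;
        mitigated-opt-in:*) echo opt-in ;;
        mitigated-other:*)  echo mitigated ;;
        vulnerable:on)      echo no-ssbd ;;
        vulnerable:*)       echo vulnerable ;;
        not-affected:*)     echo not-affected ;;
        *)                  echo unknown ;;
    esac
}

# Live check: read the kernel's own files (absent or unreadable files are
# reported as "unavailable"). Always returns 0 so it is safe at top level.
ssb_audit() {
    sysfile=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
    sysline=unavailable
    [ -r "$sysfile" ] && read -r sysline < "$sysfile"
    cmdline=""
    [ -r /proc/cmdline ] && read -r cmdline < /proc/cmdline
    procstatus=""
    [ -r /proc/self/status ] && procstatus=$(cat /proc/self/status)

    echo "sysfs  : $sysline"
    echo "cmdline: spec_store_bypass_disable=$(ssb_cmdline_setting "$cmdline")"
    echo "proc   : Speculation_Store_Bypass=$(ssb_proc_class "$procstatus")"
    echo "verdict: $(ssb_verdict "$sysline" "$cmdline")"
    return 0
}

ssb_audit
```

Run it in dom0 as any user; no root is needed because all three sources are world-readable. A verdict of no-ssbd means adding the GRUB entry above changes /proc/cmdline but not the sysfs line, so re-running this after the change is the quickest way to see whether the setting actually took effect on the host in question.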

rustybird commented 2 months ago

QSB-40 says:

We concur with the analysis in XSA-263 that this vulnerability presents minimal risk to Xen itself and minimal risk of inter-guest attacks. Therefore, we believe that proper compartmentalization is sufficient for Qubes users to mitigate this issue without having to enable SSBD globally.

adrelanos commented 1 week ago

What do you mean by minimal risk? How minimal is minimal?

However, in most configurations, within-guest information leak is possible.

Are within-guest information leaks out-of-scope for Qubes?