diff options
| author | Fernando Rodrigues <alpha@sigmasquadron.net> | 2025-07-08 11:12:33 -0300 |
|---|---|---|
| committer | Fernando Rodrigues <alpha@sigmasquadron.net> | 2025-07-10 13:06:20 +0000 |
| commit | 13509e2fb731b75015fc1eb4f4ff0186e9c11d4f (patch) | |
| tree | 857a70c9a775504dda6d7253b22af4a3bd95ae72 /pkgs/development/python-modules/rangehttpserver | |
| parent | d2cb712ff42e36a466e25131b17a5403c7b3d4f3 (diff) | |
xen: 4.20.0 -> 4.20.1
https://xenbits.xen.org/xsa/advisory-471.html
Researchers from Microsoft and ETH Zurich have discovered several new
speculative sidechannel attacks which bypass current protections. They
are detailed in a paper titled "Enter, Exit, Page Fault, Leak: Testing
Isolation Boundaries for Microarchitectural Leaks".
Two issues, which AMD have named Transitive Scheduler Attacks, utilise
timing information from instruction execution. These are:
* CVE-2024-36350: TSA-SQ (TSA in the Store Queues)
* CVE-2024-36357: TSA-L1 (TSA in the L1 data cache)
For more information, see:
https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
https://aka.ms/enter-exit-leak
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
Diffstat (limited to 'pkgs/development/python-modules/rangehttpserver')
0 files changed, 0 insertions, 0 deletions