The Xen Project has released a fix for a vulnerability on some Arm-based systems that could enable one guest to read sensitive data from memory that had been used by a different guest.
The bug (CVE-2023-34321) affects only Xen running on 32-bit Arm systems, but it is present in all current versions of Xen. The problem stems from the way cache cleaning is handled on Arm.
“Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest,” the Xen advisory says.
“Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory. A malicious guest may be able to read sensitive data from memory that previously belonged to another guest.”
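The following added example (not Xen's code, and not taken from the advisory) models the class of bug the advisory describes: a range loop whose end address is computed in 32-bit arithmetic, so a region ending at the top of the address space wraps and no cache line is processed. The 64-byte line size, the `uint32_t` address model and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define LINE 64u   /* assumed cache line size in bytes */

/* Overflow-prone form: 'end' is computed in 32-bit arithmetic. For a region
 * that ends exactly at the top of the address space it wraps to 0, the loop
 * condition is false on entry, and no line is cleaned. */
static int lines_cleaned_wrapping(uint32_t start, uint32_t size)
{
    uint32_t end = start + size;              /* may wrap */
    int n = 0;
    for (uint32_t p = start & ~(LINE - 1); p < end; p += LINE)
        n++;                                  /* stands in for one line clean */
    return n;
}

/* Hardened form: validate the range, then iterate over a line count derived
 * from the address of the last byte, which cannot wrap for a valid region. */
static int lines_cleaned_safe(uint32_t start, uint32_t size)
{
    if (size == 0)
        return 0;
    if (size - 1 > UINT32_MAX - start)
        return -1;                            /* region does not fit: report it */
    uint32_t first = start & ~(LINE - 1);
    uint32_t last  = (start + (size - 1)) & ~(LINE - 1);
    int total = (int)((last - first) / LINE) + 1;
    int n = 0;
    for (int i = 0; i < total; i++)
        n++;                                  /* clean line at first + i * LINE */
    return n;
}

int main(void)
{
    /* Constructed inputs: an ordinary 4 KiB page and the last 4 KiB page. */
    printf("ordinary page: wrapping=%d safe=%d\n",
           lines_cleaned_wrapping(0x00001000u, 0x1000u),
           lines_cleaned_safe(0x00001000u, 0x1000u));
    printf("top page:      wrapping=%d safe=%d\n",
           lines_cleaned_wrapping(0xFFFFF000u, 0x1000u),
           lines_cleaned_safe(0xFFFFF000u, 0x1000u));
    return 0;
}
```

On the ordinary page both forms process every line; on the top page the wrapping form processes none, which is the silent skip that leaves earlier writes with no guarantee of having reached memory.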
Xen is among the more popular virtualization systems in use, deployed in both enterprise and cloud environments across many different industries. The hypervisor is also used in a variety of embedded systems.