CVE-2021-28690
CVE-2021-28690
In short
After a computer wakes up from sleep mode (S3 suspend), the security protection against a CPU vulnerability called TSX Async Abort is not properly restored, leaving the system vulnerable to attacks that exploit speculative execution flaws.
Technical detail
CVE-2021-28690 involves improper restoration of TSX_CTRL MSR settings after S3 suspend/resume cycles in x86 systems. The TAA mitigation (TSX disabling via MSR_TSX_CTRL non-default configuration) is lost upon resume, re-exposing the system to speculative execution attacks that can leak sensitive data. This affects guests and hosts relying on TSX disabling as their primary TAA defense mechanism.
Summary generated and translated by AI from the official description.
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.
Affected products
Xen · xenWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →