Xen Security Advisory 245 - ARM: Some memory not scrubbed at boot
-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory XSA-245
ARM: Some memory not scrubbed at boot
NOTE REGARDING LACK OF EMBARGO
This bug was discussed publicly before it was realised that it was a
Data can remain readable in DRAM across soft and even hard reboots.
To ensure that sensitive data is not leaked from one domain to another
after a reboot, Xen must "scrub" all memory on boot (write it with
Unfortunately, it was discovered that when memory was in disjoint blocks,
or when the first block didn't begin at physical address 0, arithmetic
errors meant that some memory was not scrubbed.
Sensitive information from one domain before a reboot might be visible
to another domain after a reboot.
Only ARM systems are vulnerable.
All versions of Xen since 4.5 are vulnerable.
Only hardware with disjoint blocks, or physical addresses not starting at 0
are vulnerable; this includes the majority of ARM systems.
Applying the appropriate attached patches resolves this issue.