Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Mar 2016 15:28:11 +0100
From: Robert Święcki <robert@...ecki.net>
To: oss-security@...ts.openwall.com
Subject: Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to
 behave in a problematic way

2016-02-28 5:28 GMT+01:00 Robert Święcki <robert@...ecki.net>:

> AMD newest public ucode 0x06000832 for Piledriver-based CPUs (newer
> AMD FX, and Opteron 3300/4300/6300 series) seems to be broken. Under
> certain conditions it allows unprivileged users running under qemu VMs
> to affect the host Linux kernel in a problematic manner: the CPU
> starts to behave in an erratic way, and it leads to CPU execution flow
> of the host kernel (the one running on bare metal) to be changed.

It seems that AMD (somewhat silently) released - in
https://lkml.org/lkml/2016/3/17/43 - a new microcode for 15th family
of AMD CPUs.

I applied this patch to the previous ucode, and got this -
http://alt.swiecki.net/.a/amd-ucode-20160316.tbz2 - which resulted in:

[1634167.526985] microcode: CPU0: new patch_level=0x0600084f
[1634167.560059] microcode: CPU2: new patch_level=0x0600084f
[1634167.584795] microcode: CPU4: new patch_level=0x0600084f
[1634167.609298] microcode: CPU6: new patch_level=0x0600084f

Quick testing suggests that bugs from 0x06000832 and 0x06000836 ucode
versions are gone. Unfortunately it's not published yet on
http://www.amd64.org/microcode.html nor the new README/errata is
available, so I have no more details on that, but given that AMD
promised new ucode in March fixing this problem - as per
http://www.theregister.co.uk/2016/03/06/amd_microcode_6000836_fix/ -
this might be it.

-- 
Robert Święcki

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ