Date: Fri, 18 Mar 2016 15:28:11 +0100 From: Robert Święcki <robert@...ecki.net> To: oss-security@...ts.openwall.com Subject: Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way 2016-02-28 5:28 GMT+01:00 Robert Święcki <robert@...ecki.net>: > AMD newest public ucode 0x06000832 for Piledriver-based CPUs (newer > AMD FX, and Opteron 3300/4300/6300 series) seems to be broken. Under > certain conditions it allows unprivileged users running under qemu VMs > to affect the host Linux kernel in a problematic manner: the CPU > starts to behave in an erratic way, and it leads to CPU execution flow > of the host kernel (the one running on bare metal) to be changed. It seems that AMD (somewhat silently) released - in https://lkml.org/lkml/2016/3/17/43 - a new microcode for 15th family of AMD CPUs. I applied this patch to the previous ucode, and got this - http://alt.swiecki.net/.a/amd-ucode-20160316.tbz2 - which resulted in: [1634167.526985] microcode: CPU0: new patch_level=0x0600084f [1634167.560059] microcode: CPU2: new patch_level=0x0600084f [1634167.584795] microcode: CPU4: new patch_level=0x0600084f [1634167.609298] microcode: CPU6: new patch_level=0x0600084f Quick testing suggests that bugs from 0x06000832 and 0x06000836 ucode versions are gone. Unfortunately it's not published yet on http://www.amd64.org/microcode.html nor the new README/errata is available, so I have no more details on that, but given that AMD promised new ucode in March fixing this problem - as per http://www.theregister.co.uk/2016/03/06/amd_microcode_6000836_fix/ - this might be it. -- Robert Święcki
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.