Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Jul 2023 18:12:44 +0100
From: "Eddie Chapman" <>
Subject: Re: CVE-2023-20593: A use-after-free in AMD Zen2

alice wrote:
> this is a disaster of a security announcement from AMD. nothing is fixed
> except for epyc. the only workaround anyone really has is the chicken bit,
> thankfully.

Yes, very disappointing. Pure speculation; perhaps they were planning on
disclosing at the end of the year with full set of Microcode ready but
something we don't know (yet) forced them to disclose early. Who knows.

Very unscientific and limited test but I just compiled qemu 7.2.4 on a
gentoo workstation with a Ryzen 7 3700X (Zen 2) running linux kernel
5.15.119. Took 5 min 37s. Rebooted into 5.15.122 with the chicken bit fix
(confirmed in dmesg appears to be applied), compiled qemu again, this time
it took 5 min 25s. So my initial impression is the chicken bit fix is fine
in general but remains to be seen if certain workloads significantly
impacted I guess.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.