Date: Tue, 25 Jul 2023 18:12:44 +0100 From: "Eddie Chapman" <eddie@...k.net> To: oss-security@...ts.openwall.com Subject: Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors alice wrote: > this is a disaster of a security announcement from AMD. nothing is fixed > except for epyc. the only workaround anyone really has is the chicken bit, > thankfully. Yes, very disappointing. Pure speculation; perhaps they were planning on disclosing at the end of the year with full set of Microcode ready but something we don't know (yet) forced them to disclose early. Who knows. Very unscientific and limited test but I just compiled qemu 7.2.4 on a gentoo workstation with a Ryzen 7 3700X (Zen 2) running linux kernel 5.15.119. Took 5 min 37s. Rebooted into 5.15.122 with the chicken bit fix (confirmed in dmesg appears to be applied), compiled qemu again, this time it took 5 min 25s. So my initial impression is the chicken bit fix is fine in general but remains to be seen if certain workloads significantly impacted I guess.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.