oss-sec mailing list archives
Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak
From: Solar Designer <solar () openwall com>
Date: Wed, 4 Oct 2023 15:41:50 +0200
Regarding AMD not intending to provide a microcode mitigation: On Tue, Oct 03, 2023 at 04:04:31PM -0700, Jean Luc Picard wrote:
No intent? It wouldn't be terribly hard
Possibly not terribly hard, but (with my also too limited understanding) probably not in any of the ways you suggested.
That said I could understand the want to depricate zen1 support entirely, everyone upgraded when they could it was super super cheap to do so & there weren't really any enterprise users.
That's false. Zen1 is still found in major clouds. The AMD security bulletin: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html specifically lists "Datacenter AMD EPYC 7001 Processors" as affected, and these are used e.g. in: https://aws.amazon.com/about-aws/whats-new/2021/04/amazon-ec2-instances-featuring-amd-epyc-processors-are-now-available-in-additional-regions/ "M5a, R5a and T3a instances are variants of Amazon EC2 general purpose (M5), memory optimized (R5) and burstable general-purpose (T3) instance families. These instances feature AMD EPYC 7001 series processors" That was in 2021, but indeed the T3a tab at: https://aws.amazon.com/ec2/amd/ still says: "Amazon EC2 T3a instances feature AMD EPYC 7000 series processors" T3 are the most common/default AWS instance family with Intel CPUs, and T3a are probably the most commonly used AMD alternative to them. I don't mean to single out AWS, I think it's similar with many other cloud and dedicated server providers. This is just a prominent example. Alexander
Current thread:
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer (Oct 03)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper (Oct 03)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Jeremy Stanley (Oct 03)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Jean Luc Picard (Oct 03)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer (Oct 03)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Jean Luc Picard (Oct 04)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer (Oct 04)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Jeremy Stanley (Oct 03)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper (Oct 03)
- <Possible follow-ups>
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer (Oct 03)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper (Oct 03)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer (Oct 04)
- Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper (Oct 03)