oss-sec mailing list archives
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors
From: Jonathan Gray <jsg () jsg id au>
Date: Tue, 25 Jul 2023 11:27:48 +1000
On Mon, Jul 24, 2023 at 01:41:36PM -0400, Marc Deslauriers wrote:
Hi, There seems to be confusion regarding which is the correct commit: Your blog post says it's 0bc3126c9cfa0b8c761483215c25382f831a7c6f which is for family 17h. This post says it's b250b32ab1d044953af2dc5e790819a7703b7ee6 which is for family 19h. I assume the 17h family one is the correct one? Thanks, Marc.
Yes, but it by no means covers all zen 2 models. See amd-ucode/README Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a Length=3200 bytes Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 Length=3200 bytes 17-31-00 Rome/Castle Peak 0x0830107a 17-a0-00 Mendocino 0x08a00008 Models missing include: 17-60-01 Renoir 0x0860010b 17-68-01 Lucienne 0x08608105 17-71-00 Matisse 0x08701032 17-90-02 Van Gogh The known good patch levels are used by xen and linux. But the microcode for Renoir, Lucienne and Matisse is not available as far as I can tell.
Current thread:
- CVE-2023-20593: A use-after-free in AMD Zen2 Processors Tavis Ormandy (Jul 24)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Marc Deslauriers (Jul 24)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jonathan Gray (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors alice (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Eddie Chapman (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Matthias Schmidt (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Demi Marie Obenour (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Lucas Rolff (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jeffrey Walton (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors alice (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jonathan Gray (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Marc Deslauriers (Jul 24)