Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors

[Solar Designer <solar () openwall com>]

On Mon, Jul 24, 2023 at 07:28:18AM -0700, Tavis Ormandy wrote:
> Hello, this is CVE-2023-20593, a use-after-free in AMD Zen2 processors.

An impressive finding, indeed!

On a related note:

A few months earlier, Tavis found a _different_ AMD Zen1/Zen2 bug, which
turned out to have already been known and patched in AMD microcode
updates for many affected parts (but apparently not all).  There's also
a kernel level workaround, which was included into Linux in response to
Tavis' rediscovery of that issue.  Here are the links for that other
issue/fix, for distros to double-check they're fixing this one as well:

x86: AMD Zen2 ymm registers rolling back (Feb 21, 2023)
https://lore.kernel.org/lkml/Y%2FW4x7%2FKFqmDmmR7 () thinkstation cmpxchg8b net/

x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (Mar 8, 2023)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b0563468eeac88ebc70559d52a0b66efc37e4e9d

Once again, it's a different bug - not the one that this oss-security
thread is mainly about - but both have cross-process security impact,
affect similar AMD CPUs, and need to be taken care of by similar means
(microcode updates or/and disabling of affected CPU features in the
kernel).

Alexander