funsec mailing list archives

RE: Description of the Intel CPU bugs

From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Thu, 28 Jun 2007 11:08:08 -0400

de Raadt makes reference to BIOS vendors providing fixes but there's a
fix from Microsoft in a KB article at
http://support.microsoft.com/?kbid=936357. They call it a "microcode
reliability update". 
 
Does this mean that microcode in these CPUs is actually
field-upgradable? I wonder if Joanna Rutkowska knows about this.
 
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/ <blocked::http://security.eweek.com/> 
http://blogs.eweek.com/cheap_hack/
<http://blog.eweek.com/blogs/larry_seltzer/>
<http://blog.ziffdavis.com/seltzer> 
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 
 

________________________________

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Richard M. Smith
Sent: Thursday, June 28, 2007 9:33 AM
To: funsec () linuxbox org
Subject: [funsec] Description of the Intel CPU bugs


http://marc.info/?l=openbsd-misc&m=118296441702631
 
List:       openbsd-misc <http://marc.info/?l=openbsd-misc&r=1&w=2> 
Subject:    Intel Core 2 <http://marc.info/?t=118296457100003&r=1&w=2> 
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
<http://marc.info/?a=90366097200024&r=1&w=2> 
Date:       2007-06-27 17:08:16
<http://marc.info/?l=openbsd-misc&r=1&w=2&b=200706> 
Message-ID: 200706271708.l5RH8GkK024621 () cvs ! openbsd ! org
<http://marc.info/?i=200706271708.l5RH8GkK024621%20()%20cvs%20!%20openbs
d%20!%20org> 
[Download message RAW
<http://marc.info/?l=openbsd-misc&m=118296441702631&q=raw> ]

Various developers are busy implimenting workarounds for serious bugs
in Intel's Core 2 cpu.

These processors are buggy as hell, and some of these bugs don't just
cause development/debugging problems, but will *ASSUREDLY* be
exploitable from userland code.

As is typical, BIOS vendors will be very late providing workarounds /
fixes for these processors bugs.  Some bugs are unfixable and cannot
be worked around.  Intel only provides detailed fixes to BIOS vendors
and large operating system groups.  Open Source operating systems are
largely left in the cold.

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Description of the Intel CPU bugs Richard M. Smith (Jun 28)
- RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
  - RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
  - Re: Description of the Intel CPU bugs Valdis . Kletnieks (Jun 28)
    - RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
    - Re: Description of the Intel CPU bugs Matthew Murphy (Jun 28)
    - Is this a hoax? Blanchard_Michael (Jun 28)
    - Re: Is this a hoax? B.K. DeLong (Jun 28)
    - Re: Is this a hoax? Valdis . Kletnieks (Jun 28)
    - RE: Is this a hoax? Blanchard_Michael (Jun 28)
    - Re: Description of the Intel CPU bugs Valdis . Kletnieks (Jun 28)
    - Re: Description of the Intel CPU bugs Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 30)

(Thread continues...)