oss-sec mailing list archives
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors
From: Matthias Schmidt <oss-sec () xosc org>
Date: Tue, 25 Jul 2023 19:30:39 +0200
* Eddie Chapman wrote:
alice wrote:this is a disaster of a security announcement from AMD. nothing is fixed except for epyc. the only workaround anyone really has is the chicken bit, thankfully.Yes, very disappointing. Pure speculation; perhaps they were planning on disclosing at the end of the year with full set of Microcode ready but something we don't know (yet) forced them to disclose early. Who knows.
According to the writeup [1] in Google's security repo "AMD unexpectedly published patches" and was then forced to agree on an earlier disclosure date. Mistakes happens to everyone... [1] https://github.com/google/security-research/tree/master/pocs/cpus/zenbleed
Current thread:
- CVE-2023-20593: A use-after-free in AMD Zen2 Processors Tavis Ormandy (Jul 24)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Marc Deslauriers (Jul 24)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jonathan Gray (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors alice (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Eddie Chapman (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Matthias Schmidt (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Demi Marie Obenour (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Lucas Rolff (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jeffrey Walton (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors alice (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jonathan Gray (Jul 25)
- Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Marc Deslauriers (Jul 24)