'[oss-security] Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a proble'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a proble
From:       cve-assign () mitre ! org
Date:       2016-02-28 15:56:14
Message-ID: 20160228155614.9D9FC6C05FA () smtpvmsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> ... leads to CPU execution flow
> of the host kernel (the one running on bare metal) to be changed.

[ see also
https://www.reddit.com/r/linux/comments/47s8a8/new_amd_microcode_vulnerability_from_unprivileged/ ]

We don't think we can send any related AMD CVE ID or IDs here because
this microcode isn't an open-source product:

  https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/LICENSE.amd-ucode
  "You may not reverse engineer, decompile, or disassemble this Software
  or any portion thereof."

CVE IDs for AMD products are available from cve-assign@mitre.org (we
understand that the 0x06000832 information is directly relevant to use
of open-source products; also, it's at least conceivable that someone
will announce a security update to an open-source product with a
workaround for the behavior, or for the existence, of 0x06000832).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW0xgeAAoJEL54rhJi8gl5KEwP/iy02HVY+3QifTREEpq93md0
9hN9WwBItTU48PH0bYOHe7POBC0K5hmxhC9CE5iA53h+d9OiLnXxfQRjQUnrmylx
78ZvZ0r7kmUoB6KcOgYXKXeEWleIpD3ca9eUAhEuIZjYbE7fxL3OJXW+cQ4IYL7P
hGdpOajzckWRemiN3ELjQc2Lnitj6ef8suHbrHnQLaMHPjufaowJ/mPa3gtZgtC8
0gAw2MGiyxHQ4GFDOWNmBICbTwiJWwRtMOJdSHX63zn518038MeLal/9UcQlcxPC
Fi1oVTteJC2oh7iYhTjRXy8hYcGC7Wdefyg0rqQ4WgCkysYvOeYbpiREmG71e0mG
9QsDCSKvnyolDBC+9aSsFFtC022kRzmdRCGBokPAaiXduXRYxcDJPUd07YBtIw5y
5zfe/Z7wmKDiM+tDmVsUFqbW0Q0jccbBM/WsHJfAV2feYIDMC/gO1moPASeKbLrm
ZYD+jc6k2CDq7NQZNTsCzOhUAM1rr2BQmuG1ZOxwkP5Tnv7Iku1X559vIdVZ3n7c
ZxegRoUXMmCJalpzRCrRYtwL0ipvNvPAbwZ04hxiqQhlENLyBL/bAWRK90wYjlsS
pUBjlSxsrJ21hm9CnoPonhkdMNCv+aFS5LTY+0WQ6uRXbjrRJ3cluS0ZGJ86HR22
ZzYJ6UNbLzaxIdLe9qGe
=Logq
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic