Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZMAGvwcJxktCgMBQ@xosc.org>
Date: Tue, 25 Jul 2023 19:30:39 +0200
From: Matthias Schmidt <oss-sec@...c.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2023-20593: A use-after-free in AMD Zen2
 Processors

* Eddie Chapman wrote:
> alice wrote:
> > this is a disaster of a security announcement from AMD. nothing is fixed
> > except for epyc. the only workaround anyone really has is the chicken bit,
> > thankfully.
> 
> Yes, very disappointing. Pure speculation; perhaps they were planning on
> disclosing at the end of the year with full set of Microcode ready but
> something we don't know (yet) forced them to disclose early. Who knows.

According to the writeup [1] in Google's security repo "AMD unexpectedly
published patches" and was then forced to agree on an earlier disclosure
date.

Mistakes happens to everyone...

[1]
https://github.com/google/security-research/tree/master/pocs/cpus/zenbleed

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.