!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

734 Members
Coordination and triage of security issues in nixpkgs227 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
14 Nov 2023
@julian:nekover.se@julian:nekover.se changed their display name from Julian to June.02:20:57
@hexa:lossy.networkhexa https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114 16:43:25
@vyls:matrix.org@vyls:matrix.org left the room.18:21:42
@void68:matrix.orgvoid
In reply to @hexa:lossy.network
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114

Name of the issue: Redundant Prefix Issue

Description of the issue
Under certain microarchitectural conditions, Intel has identified cases
where execution of an instruction (REP MOVSB) encoded with a redundant
REX prefix may result in unpredictable system behavior resulting in a
system crash/hang, or, in some limited scenarios, may allow escalation
of privilege from CPL3 to CPL0.
This Redundant Prefix Issue is assigned CVE-2023-23583 with a CVSS Base
Score of 8.8 High CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

19:29:02
@zzywysm:matrix.orgzzywysmhttps://www.bleepingcomputer.com/news/security/new-cachewarp-amd-cpu-attack-lets-hackers-gain-root-in-linux-vms/20:56:02
@k900:0upti.meK900Awful headline20:57:40
@k900:0upti.meK900CacheWarp affects only AMD systems with the following processors that come with SEV support: 1st Gen AMD EPYC Processors (SEV and SEV-ES) 2nd Gen AMD EPYC Processors (SEV and SEV-ES) 3rd Gen AMD EPYC Processors (SEV, SEV-ES, SEV-SNP) According to AMD's advisory, the issue does not impact AMD 4th generation 'Genoa' EPYC processors (Zen 4 microarchitecture). The company says there is no mitigation for first or second generations of EPYC processors because the SEV and SEV-ES features lack protection functionality for guest VM memory, while the SEV-SNP feature is unavailable.20:58:04
@k900:0upti.meK900Also20:58:49
@k900:0upti.meK900Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.20:58:51
@k900:0upti.meK900So basically this is only relevant for systems running trusted VMs on an untrusted hypervisor20:59:16
@k900:0upti.meK900 Which is exceptionally rare 20:59:20
15 Nov 2023
@kranzes:matrix.orgkranzes joined the room.12:38:37

Show newer messages

Back to Room ListRoom Version: 6