Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: [Xen-devel] [oss-security] Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
From: Andrew Cooper <andrew.cooper3 () citrix com>
Date: Wed, 4 Dec 2013 22:43:08 +0000

On 02/12/2013 22:43, Matthew Daley wrote:
On Tue, Dec 3, 2013 at 7:16 AM, Kurt Seifried <kseifried () redhat com> wrote:
On 12/02/2013 10:22 AM, Ian Jackson wrote:
* Should the Xen Project security te4am have treated this issue
with an embargo at all, given that the flaw itself was public ?
I would say this depends on the level of public disclosure. For
example from "upstream" (AMD) there was a very limited disclosure (no
public announcement I'm aware of) and just some notes in a single PDF.
However this was also made public via the person who found it and then
picked up by ZDnet in an article, so I would personally count that as
quite public.
Can you post a link to this ZDnet article? I don't think it can be the
one linked in the CVE description itself, because that talks about a
different, earlier bug IIUC; I privately asked Matt Dillon, who
discovered Errata 721, and he agreed that this CVE talks about a
different (but maybe related) Errata, #793.

- Matthew

The email (ID 201311280223.rAS2NbPL019021 () linus mitre org) has the
following links

http://lists.dragonflybsd.org/pipermail/kernel/2011-December/046594.html

http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924

And identifies them as related to CVE-2013-6885

Unless DragonflyBSD is giving Write Combining memory to its regular
userspace processes (which would frankly be crazy and cause abysmal
performance - uncacheable reads have a habit of slowing things down
somewhat), I cant see any similarity between the CVE and the problem
described by Matt Dillon in the links.

The zdnet article quotes a statement from AMD of:

Also, this marginal erratum impacts the previous four generations of AMD
Opteron processors which include the AMD Opteron 2300,8300
8300("Barcelona" and "Shanghai",) 2400, 8400 ("Istanbul",) and 4100,
6100 ("Lisbon" and "Magny-Cours") series processors.


None of these generations are the "Jaguar Architecture" Family 16h
identified in the erratum description from #793  Furthermore, Matt
Dillon appears to be under the impression that he found erratum #721.

It therefore appears that the original MITRE email was incorrect as
identifying the two links (refering to #721, and nearly 2 years old
judging by http://article.gmane.org/gmane.os.dragonfly-bsd.kernel/14518)
as related to #793 (whos errata document's inital release was June of
this year).

Can anyone from AMD formally confirm or deny a link between errata #721
and #793 ?

~Andrew


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]