oss-sec mailing list archives

Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability

From: Bastian Blank <bblank () thinkmo de>
Date: Thu, 6 Mar 2025 06:50:13 +0100

On Thu, Mar 06, 2025 at 05:48:56AM +0100, Solar Designer wrote:

First of all, there's an equivalent change in Linux.
https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb2281fb05e50108ce95c43ab7e701ee564565c8

Oh, I had missed that, thanks!


Who is expected to maintain this list of hashes?  Because this sounds
like a huge maintenance hog, as this will now block any security updates
of the microcode.

Bastian

-- 
It would be illogical to assume that all conditions remain stable.
                -- Spock, "The Enterprise Incident", stardate 5027.3

Current thread:

Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper (Mar 05)
- Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer (Mar 05)
  - Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper (Mar 05)
    - Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer (Mar 05)
    - Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Bastian Blank (Mar 05)
    - Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer (Mar 05)
    - Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper (Mar 06)
    - Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper (Mar 07)
    - Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer (Mar 12)