oss-sec mailing list archives
AMD Microcode Signature Verification Vulnerability
From: Tavis Ormandy <taviso () gmail com>
Date: Tue, 21 Jan 2025 18:31:31 -0800
It looks like an OEM leaked the patch for a major upcoming CPU vulnerability, i.e. "AMD Microcode Signature Verification Vulnerability": https://rog.asus.com/motherboards/rog-strix/rog-strix-x870-i-gaming-wifi/helpdesk_bios/ I'm not thrilled about this - the patch is *not* currently in linux-firmware, so this is the only publicly available patch. However, other people are discussing how to extract them: https://winraid.level1techs.com/t/offer-intel-amd-via-cpu-microcode-archives-1995-present/102857/53 Tavis. -- _o) $ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger taviso () sdf org _\_V _( ) _( ) @taviso
Current thread:
- AMD Microcode Signature Verification Vulnerability Tavis Ormandy (Jan 21)
- Re: AMD Microcode Signature Verification Vulnerability Demi Marie Obenour (Jan 22)
- Re: AMD Microcode Signature Verification Vulnerability Tavis Ormandy (Jan 22)
- Re: AMD Microcode Signature Verification Vulnerability Solar Designer (Feb 04)
- Re: AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer (Feb 05)
- Re: AMD Microcode Signature Verification Vulnerability trinity pointard (Feb 06)
- Re: AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer (Feb 06)
- Re: AMD Microcode Signature Verification Vulnerability Tavis Ormandy (Jan 22)
- Re: AMD Microcode Signature Verification Vulnerability Solar Designer (Mar 05)
- Re: AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer (Mar 05)
- Re: AMD Microcode Signature Verification Vulnerability Solar Designer (Mar 05)
- Re: AMD Microcode Signature Verification Vulnerability Jacob Bachmeyer (Mar 05)
- Re: AMD Microcode Signature Verification Vulnerability Demi Marie Obenour (Jan 22)
