[Code-Crunchers] Fwd: RE: [funsec] Description of the Intel CPU bugs

Gadi Evron ge at linuxbox.org
Thu Jun 28 10:57:09 CDT 2007 

----- Forwarded message from Larry Seltzer <Larry at larryseltzer.com> -----

Subject: RE: [funsec] Description of the Intel CPU bugs
Date: Thu, 28 Jun 2007 11:08:08 -0400
From: Larry Seltzer <Larry at larryseltzer.com>
To: funsec at linuxbox.org

de Raadt makes reference to BIOS vendors providing fixes but there's a
fix from Microsoft in a KB article at
http://support.microsoft.com/?kbid=936357. They call it a "microcode
reliability update". 
 
Does this mean that microcode in these CPUs is actually
field-upgradable? I wonder if Joanna Rutkowska knows about this.
 
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/ <blocked::http://security.eweek.com/> 
http://blogs.eweek.com/cheap_hack/
<http://blog.eweek.com/blogs/larry_seltzer/>
<http://blog.ziffdavis.com/seltzer> 
Contributing Editor, PC Magazine
larryseltzer at ziffdavis.com 
 

________________________________

From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org]
On Behalf Of Richard M. Smith
Sent: Thursday, June 28, 2007 9:33 AM
To: funsec at linuxbox.org
Subject: [funsec] Description of the Intel CPU bugs


http://marc.info/?l=openbsd-misc&m=118296441702631
 
List:       openbsd-misc <http://marc.info/?l=openbsd-misc&r=1&w=2> 
Subject:    Intel Core 2 <http://marc.info/?t=118296457100003&r=1&w=2> 
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
<http://marc.info/?a=90366097200024&r=1&w=2> 
Date:       2007-06-27 17:08:16
<http://marc.info/?l=openbsd-misc&r=1&w=2&b=200706> 
Message-ID: 200706271708.l5RH8GkK024621 () cvs ! openbsd ! org
<http://marc.info/?i=200706271708.l5RH8GkK024621%20()%20cvs%20!%20openbs
d%20!%20org> 
[Download message RAW
<http://marc.info/?l=openbsd-misc&m=118296441702631&q=raw> ]

Various developers are busy implimenting workarounds for serious bugs
in Intel's Core 2 cpu.

These processors are buggy as hell, and some of these bugs don't just
cause development/debugging problems, but will *ASSUREDLY* be
exploitable from userland code.

As is typical, BIOS vendors will be very late providing workarounds /
fixes for these processors bugs.  Some bugs are unfixable and cannot
be worked around.  Intel only provides detailed fixes to BIOS vendors
and large operating system groups.  Open Source operating systems are
largely left in the cold.

...

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

----- End forwarded message -----

-- 
--
"beepbeep it, i leave work, stop reading sec lists and im still hearing
gadi"
- HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 2007.

More information about the Code-Crunchers mailing list