----------------------------------------------------------------------------------
@MSGID: 1@dont-email.me> cd9bdfdb
@REPLY: 1@dont-email.me> d2447167
@REPLYADDR User <user@example.net>
@REPLYTO 2:5075/128 User
@CHRS: CP866 2
@RFC: 1 0
@RFC-Message-ID: 1@dont-email.me>
@RFC-References: <jpkr0owx09d.fsf@panix5.panix.com>
1@dont-email.me> 1@dont-email.me>
@TZUTC: -0400
@PID: Mozilla/5.0 (X11; Linux x86_64; rv:102.0)
Gecko/20100101 Thunderbird/102.13.0
@TID: FIDOGATE-5.12-ge4e8b94
On 7/25/23 18:10, John McCue wrote:
> John McCue <
jmccue@magnetar.jmcunx.com> wrote:
>
>> From what I have read, no need unless you have one of the AMD
>> CPUs listed here:
>>
>>
https://lock.cmpxchg8b.com/zenbleed.html
>
> Wrong link, this is the correct one:
>
https://www.tomshardware.com/news/zenbleed-bug-allows-data-theft-from-amds-zen-2
-processors-patches-released
>
> John
>
Mon Jul 24 22:07:56 UTC 2023
patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz: Upgraded.
AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
From Tavis Ormandy`s annoucement of the issue:
"The practical result here is that you can spy on the registers of
other
processes. No system calls or privileges are required.
It works across virtual machines and affects all operating systems.
I have written a poc for this issue that`s fast enough to reconstruct
keys and passwords as users log in."
For more information, see:
https://seclists.org/oss-sec/2023/q3/59
https://www.cve.org/CVERecord?id=CVE-2023-20593
(* Security fix *)
--- Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.13.0
* Origin: A noiseless patient Spider (2:5075/128)
SEEN-BY: 5001/100 5005/49 5015/255 5019/40 5020/715
848 1042 4441 12000
SEEN-BY: 5030/49 1081 5058/104 5075/128
@PATH: 5075/128 5020/1042 4441