[funsec] Description of the Intel CPU bugs

Larry Seltzer Larry at larryseltzer.com
Thu Jun 28 10:08:08 CDT 2007 

de Raadt makes reference to BIOS vendors providing fixes but there's a
fix from Microsoft in a KB article at
http://support.microsoft.com/?kbid=936357. They call it a "microcode
reliability update". 
 
Does this mean that microcode in these CPUs is actually
field-upgradable? I wonder if Joanna Rutkowska knows about this.
 
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/ <blocked::http://security.eweek.com/> 
http://blogs.eweek.com/cheap_hack/
<http://blog.eweek.com/blogs/larry_seltzer/>
<http://blog.ziffdavis.com/seltzer> 
Contributing Editor, PC Magazine
larryseltzer at ziffdavis.com 
 

________________________________

From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org]
On Behalf Of Richard M. Smith
Sent: Thursday, June 28, 2007 9:33 AM
To: funsec at linuxbox.org
Subject: [funsec] Description of the Intel CPU bugs


http://marc.info/?l=openbsd-misc&m=118296441702631
 
List:       openbsd-misc <http://marc.info/?l=openbsd-misc&r=1&w=2> 
Subject:    Intel Core 2 <http://marc.info/?t=118296457100003&r=1&w=2> 
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
<http://marc.info/?a=90366097200024&r=1&w=2> 
Date:       2007-06-27 17:08:16
<http://marc.info/?l=openbsd-misc&r=1&w=2&b=200706> 
Message-ID: 200706271708.l5RH8GkK024621 () cvs ! openbsd ! org
<http://marc.info/?i=200706271708.l5RH8GkK024621%20()%20cvs%20!%20openbs
d%20!%20org> 
[Download message RAW
<http://marc.info/?l=openbsd-misc&m=118296441702631&q=raw> ]

Various developers are busy implimenting workarounds for serious bugs
in Intel's Core 2 cpu.

These processors are buggy as hell, and some of these bugs don't just
cause development/debugging problems, but will *ASSUREDLY* be
exploitable from userland code.

As is typical, BIOS vendors will be very late providing workarounds /
fixes for these processors bugs.  Some bugs are unfixable and cannot
be worked around.  Intel only provides detailed fixes to BIOS vendors
and large operating system groups.  Open Source operating systems are
largely left in the cold.

...

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://linuxbox.org/pipermail/funsec/attachments/20070628/d7aa7db7/attachment.html

More information about the funsec mailing list