lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <EF4B83E96E0F384D805FC658E2D164AE4B3AB1@TUS1XCHCLUPIN12.enterprise.veritas.com>
Date: Thu, 28 Jun 2007 11:55:39 -0700
From: "Peter Ferrie" <pferrie@...antec.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Intel Core 2 CPUs are buggy. Patch your cpus
	:D

>   - Basically the MMU simply does not operate as specified/implimented
>     in previous generations of x86 hardware.  It is not just buggy, but
>     Intel has gone further and defined "new ways to handle page tables"
>     (see page 58).

I'm not sure about this - I understood it to mean that if you touch a
table, you have to invalidate the TLB that corresponds to its linear
address.  This was always how Intel CPUs behaved, even the old ones.
What changed?

>   - Some of these bugs are along the lines of "buffer overflow"; where
>     a write-protect or non-execute bit for a page table entry is ignored.

Same thing here - altering tables without flushing the TLBs will result in
cached data being used instead.  Intel is documenting it very well now, but
it's not new behaviour.

>     Others are floating point instruction non-coherencies, or memory
>     corruptions -- outside of the range of permitted writing for the
>     process -- running common instruction sequences.

The FPU memory corruption is old behaviour, too.

Certainly, there are some scary things in the list, but many of them are
behaviours that are being documented for the first time, yet they exist
in CPUs since even the 486, for example.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ