| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8909243c-3e11-4ce1-a067-710402badbea@intel.com> Date: Tue, 19 Nov 2024 10:49:21 -0800 From: Dave Hansen <dave.hansen@...el.com> To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Dave Hansen <dave.hansen@...ux.intel.com> Cc: linux-kernel@...r.kernel.org, x86@...nel.org, tglx@...utronix.de, bp@...en8.de Subject: Re: [RFC][PATCH] x86/cpu/bugs: Consider having old Intel microcode to be a vulnerability On 11/19/24 09:45, Pawan Gupta wrote: > Sorry for playing the devil's advocate. I am wondering who is the prime > beneficiary of this change? At a very high level, it's for folks with new kernels and old microcode. It's _very_ normal for someone to report a bug and for us upstream folks to ask them to reproduce on the latest mainline. The moment they do that, they get the latest microcode list. Folks don't randomly upgrade to a new kernel for fun in production. But it's hopefully a very normal activity for folks having problems and launching into debug. In other words, "new kernel / old microcode" might be relatively rare, but it still gets used at a *very* critical choke point. I completely agree with your general sentiment that normal distro users will get the distro-kernel-provided microcode version list _and_ distro-provided microcode files. This won't help them one bit unless the distro makes a silly mistake, doesn't do testing, or they somehow upgrade one package without the other.
Powered by blists - more mailing lists