| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241119193120.zgcbyyoeiiehn6mw@desk> Date: Tue, 19 Nov 2024 11:31:20 -0800 From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com> To: Dave Hansen <dave.hansen@...el.com> Cc: Dave Hansen <dave.hansen@...ux.intel.com>, linux-kernel@...r.kernel.org, x86@...nel.org, tglx@...utronix.de, bp@...en8.de Subject: Re: [RFC][PATCH] x86/cpu/bugs: Consider having old Intel microcode to be a vulnerability On Tue, Nov 19, 2024 at 10:49:21AM -0800, Dave Hansen wrote: > On 11/19/24 09:45, Pawan Gupta wrote: > > Sorry for playing the devil's advocate. I am wondering who is the prime > > beneficiary of this change? > > At a very high level, it's for folks with new kernels and old microcode. > > It's _very_ normal for someone to report a bug and for us upstream folks > to ask them to reproduce on the latest mainline. The moment they do > that, they get the latest microcode list. Folks don't randomly upgrade > to a new kernel for fun in production. But it's hopefully a very normal > activity for folks having problems and launching into debug. Ah, that makes sense. > In other words, "new kernel / old microcode" might be relatively rare, > but it still gets used at a *very* critical choke point. Right.
Powered by blists - more mailing lists