| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250721230712.2093341-1-mzhivich@akamai.com>
Date: Mon, 21 Jul 2025 19:07:12 -0400
From: Michael Zhivich <mzhivich@...mai.com>
To: <stable@...r.kernel.org>, <bp@...en8.de>
CC: <tglx@...utronix.de>, <mingo@...hat.com>, <dave.hansen@...ux.intel.com>,
<x86@...nel.org>, <linux-kernel@...r.kernel.org>,
<mzhivich@...mai.com>
Subject: [PATCH] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode()
Note: I believe this change only applies to stable backports.
For kernels compiled with CONFIG_INIT_STACK_NONE=y, the value of __reserved
bitfield in zen_patch_rev union on the stack may be garbage. If so, it will
prevent correct microcode check when consulting p.ucode_rev, resulting in
incorrect mitigation selection.
Signed-off-by: Michael Zhivich <mzhivich@...mai.com>
Fixes: 7a0395f6607a ("x86/bugs: Add a Transient Scheduler Attacks mitigation")
---
arch/x86/kernel/cpu/amd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index efd42ee9d1cc..91b21814ce8c 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -371,7 +371,7 @@ static void bsp_determine_snp(struct cpuinfo_x86 *c)
static bool amd_check_tsa_microcode(void)
{
struct cpuinfo_x86 *c = &boot_cpu_data;
- union zen_patch_rev p;
+ union zen_patch_rev p = {0};
u32 min_rev = 0;
p.ext_fam = c->x86 - 0xf;
--
2.34.1
Powered by blists - more mailing lists