On Tue, Jan 21, 2025 at 11:38:16PM -0500, Demi Marie Obenour wrote: > On Tue, Jan 21, 2025 at 06:31:31PM -0800, Tavis Ormandy wrote: > > It looks like an OEM leaked the patch for a major upcoming CPU > > vulnerability, i.e. "AMD Microcode Signature Verification > > Vulnerability": > > > > https://rog.asus.com/motherboards/rog-strix/rog-strix-x870-i-gaming-wifi/helpdesk_bios/ > > > > I'm not thrilled about this - the patch is *not* currently in > > linux-firmware, so this is the only publicly available patch. > > > > However, other people are discussing how to extract them: > > > > https://winraid.level1techs.com/t/offer-intel-amd-via-cpu-microcode-archives-1995-present/102857/53 > > Is this fix effective, or can it be bypassed via a downgrade attack? >
I'm not sure yet, the vendor has been really excruciating to deal with, this is the first time I've been allowed to see the patch!! :( Tavis. -- _o) $ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger [email protected] _\_V _( ) _( ) @taviso
