From: Pavel Machek <pavel@denx.de>
To: cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] New CVE entries this week
Date: Thu, 16 Jun 2022 14:04:40 +0200 [thread overview]
Message-ID: <20220616120440.GA3351@duo.ucw.cz> (raw)
In-Reply-To: <CAODzB9qmZ1m6L8MZYUOooRYfXh5Z_uj=o=ieR+Rn9jfSmdxQQA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2462 bytes --]
Hi!
> It's this week's CVE report.
>
> This week reported 3 new CVEs and 3 updated CVEs.
>
> FYI: A new side-channel attack which is called "Hertzbleed Attack" has
> been published.
> This vulnerability has assigned to CVE-2022-23823 and CVE-2022-24436.
> Researchers confirmed Intel's 8th to the 11th generation Core
> microarchitecture and AMD Ryzen processors are affected but the
> haven't confirmed other processors(e.g. ARM) are affected or not.
> Intel and AMD provided guidance to mitigate the Heartbleed Attack.
> However, researchers said that Intel and AMD haven't planned to
> provide microcode patches.
>
> https://www.hertzbleed.com/
They certainly have good marketing and clearly want attention. Whether
they deserve attention... is hard to tell. Maybe situation will be
more clear after reading the paper.
There are three more vulnerabilities from the "fast and secure CPUs
are hard, and consumers can't easily tell CPUs are not secure as our
designs are secret" family:
+Device Register Partial Write (DRPW) (CVE-2022-21166)
+-----------------------------------------------------
+Some endpoint MMIO registers incorrectly handle writes that are smaller than
+the register size. Instead of aborting the write or only copying the correct
+subset of bytes (for example, 2 bytes for a 2-byte write), more bytes than
+specified by the write transaction may be written to the register. On
+processors affected by FBSDP, this may expose stale data from the fill buffers
+of the core that created the write transaction.
+
+Shared Buffers Data Sampling (SBDS) (CVE-2022-21125)
+----------------------------------------------------
+After propagators may have moved data around the uncore and copied stale data
+into client core fill buffers, processors affected by MFBDS can leak data from
+the fill buffer. It is limited to the client (including Intel Xeon server E3)
+uncore implementation.
+
+Shared Buffers Data Read (SBDR) (CVE-2022-21123)
+------------------------------------------------
+It is similar to Shared Buffer Data Sampling (SBDS) except that the data is
+directly read into the architectural software-visible state. It is limited to
+the client (including Intel Xeon server E3) uncore implementation.
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
next prev parent reply other threads:[~2022-06-16 12:04 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-15 23:44 New CVE entries this week Masami Ichikawa
2022-06-16 12:04 ` Pavel Machek [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-07-26 23:15 Masami Ichikawa
2023-07-27 9:26 ` [cip-dev] " Pavel Machek
2023-07-27 11:30 ` Masami Ichikawa
2023-06-14 22:43 Masami Ichikawa
2023-06-15 8:41 ` [cip-dev] " Pavel Machek
2023-06-15 11:52 ` Masami Ichikawa
2022-11-09 23:02 Masami Ichikawa
2022-11-10 8:33 ` [cip-dev] " Pavel Machek
2022-10-20 0:48 Masami Ichikawa
2022-10-20 7:58 ` [cip-dev] " Pavel Machek
2022-10-20 13:10 ` Masami Ichikawa
2022-06-08 23:44 Masami Ichikawa
2022-06-09 9:41 ` [cip-dev] " Pavel Machek
2022-06-09 12:06 ` Masami Ichikawa
2022-02-17 0:09 Masami Ichikawa
2022-02-17 11:55 ` [cip-dev] " Pavel Machek
2021-08-26 1:09 Masami Ichikawa
2021-08-26 10:01 ` Pavel Machek
[not found] ` <169ED2F66B4753DB.9667@lists.cip-project.org>
2021-08-26 11:51 ` Pavel Machek
2021-08-26 12:43 ` Masami Ichikawa
2021-08-19 0:12 市川正美
2021-08-19 7:10 ` Pavel Machek
2021-08-19 8:37 ` Masami Ichikawa
2021-08-19 8:55 ` Nobuhiro Iwamatsu
2021-08-12 0:33 市川正美
2021-08-12 5:43 ` Pavel Machek
2021-08-12 8:40 ` 市川正美
2021-08-05 0:47 市川正美
2021-08-05 9:00 ` Pavel Machek
2021-08-06 0:46 ` 市川正美
2021-07-29 1:18 市川正美
2021-07-29 7:47 ` Pavel Machek
2021-07-29 8:11 ` 市川正美
2021-07-29 8:58 ` Pavel Machek
2021-07-29 7:50 ` Nobuhiro Iwamatsu
2021-07-29 8:12 ` 市川正美
2021-07-22 2:02 市川正美
2021-07-15 1:00 市川正美
2021-07-08 0:21 市川正美
2021-07-11 8:32 ` Pavel Machek
2021-07-11 11:13 ` masashi.kudo
2021-06-18 8:03 Pavel Machek
2021-06-20 23:51 ` 市川正美
2021-06-10 17:05 Pavel Machek
2021-06-17 2:09 ` 市川正美
2021-06-17 11:04 ` Masami Ichikawa
2021-06-18 8:01 ` Pavel Machek
2021-06-17 2:45 ` 市川正美
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220616120440.GA3351@duo.ucw.cz \
--to=pavel@denx.de \
--cc=cip-dev@lists.cip-project.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).