|Summary:||<sys-kernel/linux-firmware-20180103-r1: Microcode for AMD family 17h processor to mitigate against CVE-2017-5715|
|Product:||Gentoo Security||Reporter:||GLSAMaker/CVETool Bot <glsamaker>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Severity:||major||CC:||andrew.bugs, bertrand, chithanh, keaneyw, kernel, pacho, peter.volkov, tb, viklevin2, zerochaos|
|Runtime testing required:||---|
|Bug Depends on:|
Description GLSAMaker/CVETool Bot 2018-01-04 19:28:52 UTC
Comment 1 Thomas Deutschmann 2018-01-04 19:30:07 UTC
This new firmware disables branch prediction on AMD family 17h processors.
Comment 2 Thomas Deutschmann 2018-01-04 19:36:10 UTC
@ Arches, please test and mark stable: =sys-kernel/linux-firmware/linux-firmware-20180103-r1
Comment 3 Stabilization helper bot 2018-01-04 20:00:28 UTC
An automated check of this bug failed - the following atom is unknown: sys-kernel/linux-firmware/linux-firmware-20180103-r1 Please verify the atom list.
Comment 4 Thomas Deutschmann 2018-01-06 05:25:22 UTC
Comment 5 Agostino Sarubbo 2018-01-06 17:54:12 UTC
Comment 6 Sergei Trofimovich 2018-01-06 21:50:48 UTC
Comment 7 pva 2018-01-07 21:45:15 UTC
Looks like SUSE mixed things up. This update does not disable branch prediction: https://www.phoronix.com/scan.php?page=news_item&px=AMD-Branch-Prediction-Still
So I've removed "disables branch prediction" from the subject. Let's see what further clarifications we will have.
Comment 8 Andreas Grois 2018-01-07 22:18:27 UTC
Red Hat seems to have more information on what the microcode update does (if they are indeed talking about this one): https://access.redhat.com/articles/3311301
Comment 9 nobody 2018-01-08 10:16:40 UTC
Please update -> https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre
sys-kernel/linux-firmware
A CPU microcode update was added which will disables branch prediction on AMD family 17h processors (800F12 only). The updated microcode is included in >=sys-kernel/linux-firmware-20180103-r1 which is currently being stabilized in bug #643476.
--> which will disables branch prediction on AMD <--
It doesn't disable it. Should be reworded to "A CPU microcode update was added on AMD family 17h processors (800F12 only) to mitigate the issue."
Comment 10 Thomas Deutschmann 2018-01-08 15:35:56 UTC
Source for your claim? Our text was bundled with the firmware blob we received from AMD. Don't get me wrong. You might be right. But until we have a better source we stick with upstream's wording. Also, we are looking for someone who has access to an affected processor (AMD EPYC 7551).
Comment 11 nobody 2018-01-09 00:50:40 UTC
Sorry, from Peter's comment #7, the Phoronix link:
<I reached out to AMD and on Friday heard back. They wrote in an email to Phoronix that this Zen/17h microcode update does not disable branch prediction.>
If you don't know who to trust, the rephrasing will do nothing if it really disables branch prediction (you don't lie by saying "to mitigate the issue"), but if it does not, you have avoided spreading fake/false news. Better safe than sorry.
Comment 12 Sergei Trofimovich 2018-01-11 22:33:59 UTC
Comment 13 Sergei Trofimovich 2018-01-13 10:12:42 UTC
Comment 14 Markus Meier 2018-02-05 21:21:56 UTC
Comment 15 Sergei Trofimovich 2018-02-10 19:17:48 UTC
commit fa7b6bf3c8dc747cc57e66837acb48772f7905d2
Author: Rolf Eike Beer <firstname.lastname@example.org>
Date: Sat Feb 10 19:40:37 2018 +0100
    sys-kernel/linux-firmware: stable 20180103-r1 for sparc, bug #643476
Comment 16 Tobias Klausmann 2018-03-04 08:17:11 UTC
Stable on alpha.
Comment 17 Chí-Thanh Christopher Nguyễn 2019-09-26 10:12:37 UTC
All arches done and vulnerable versions have been dropped for a while already.
Comment 18 Thomas Deutschmann 2019-10-06 20:30:45 UTC
No GLSA required.