From nobody Thu Jun 16 10:25:19 2022 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 237E0846BD2 for ; Thu, 16 Jun 2022 10:25:32 +0000 (UTC) (envelope-from codeblue@inbox.lv) Received: from shark3.inbox.lv (shark3.inbox.lv [194.152.32.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4LNyx70fyCz3vvQ for ; Thu, 16 Jun 2022 10:25:30 +0000 (UTC) (envelope-from codeblue@inbox.lv) Received: from shark3.inbox.lv (localhost [127.0.0.1]) by shark3-out.inbox.lv (Postfix) with ESMTP id 9C18C280138 for ; Thu, 16 Jun 2022 13:25:23 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=inbox.lv; s=p20220324; t=1655375123; x=1655376923; bh=+nIosUabi3URs1djsYoKo+KAiBl8LzJxlN7tCA5r514=; h=Message-ID:Date:Subject:To:References:From:In-Reply-To: Content-Type:X-ESPOL:From:Date:To:Cc:Message-ID:Subject:Reply-To; b=T/9i4miMpAmNDFJumyvC44bpwB8PvPRm6d9O59Y8VPX/k/SoMNHwcEuoozuFQg0p0 njO9KfxUuJvK7tf21xDhiDFGaP+3RbYirkbe0R/QyjhhTLvB2fzrp5gGTxrJSy0HQ6 SYs9EMtITUmkQX/xk2vJJgFbemICOaFbtVpzb8lE= Received: from localhost (localhost [127.0.0.1]) by shark3-in.inbox.lv (Postfix) with ESMTP id 99A5A280135 for ; Thu, 16 Jun 2022 13:25:23 +0300 (EEST) Received: from shark3.inbox.lv ([127.0.0.1]) by localhost (shark3.inbox.lv [127.0.0.1]) (spamfilter, port 35) with ESMTP id mHcXfnUcCFQm for ; Thu, 16 Jun 2022 13:25:23 +0300 (EEST) Received: from mail.inbox.lv (pop1 [127.0.0.1]) by shark3-in.inbox.lv (Postfix) with ESMTP id 0660728012F for ; Thu, 16 Jun 2022 13:25:23 +0300 (EEST) Message-ID: <90e55cbc-a0f7-7220-3759-e05dee2daaf9@inbox.lv> Date: Thu, 16 Jun 2022 10:25:19 +0000 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: Intel CPU CVE Issue: CVE-2022-21166/CVE-2022-21125/CVE-2022-21123 Content-Language: en-US To: "freebsd-security@freebsd.org" References: From: John Long In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: OK X-ESPOL: AJqEQ2V/7XRHu8S+K4Zt5Ovj2q/TW1sruDn7xrsu63dZqLLFr60GfRz/B/eRFELmMn8= X-Rspamd-Queue-Id: 4LNyx70fyCz3vvQ X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=inbox.lv header.s=p20220324 header.b="T/9i4miM"; dmarc=pass (policy=quarantine) header.from=inbox.lv; spf=pass (mx1.freebsd.org: domain of codeblue@inbox.lv designates 194.152.32.83 as permitted sender) smtp.mailfrom=codeblue@inbox.lv X-Spamd-Result: default: False [-4.10 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[inbox.lv:s=p20220324]; RCVD_COUNT_FIVE(0.00)[5]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[inbox.lv:dkim]; R_SPF_ALLOW(-0.20)[+ip4:194.152.32.83:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[inbox.lv:+]; DMARC_POLICY_ALLOW(-0.50)[inbox.lv,quarantine]; NEURAL_HAM_SHORT(-1.00)[-1.000]; TO_DN_EQ_ADDR_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:12993, ipnet:194.152.32.0/23, country:LV]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[194.152.32.83:from] X-ThisMailContainsUnwantedMimeParts: N 1st of all, my comment was because of your post but was not directed at you. Sorry if that was unclear. 2nd of all, great that they give advice. Not so great that people have to actually do the work. This costs everybody *besides Intel* a lot of money and there is no end in sight. How about if Intel gives refunds to people afflicted by their defective products and pays remediation costs to software projects similarly afflicted? Maybe that would give them incentive to do a better job with the junk they're selling. /jl On 16-Jun-22 09:57, Chen, Alvin W wrote: > Intel provides the migration guideline, please refer to : https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html > It looks like Linux (Ubuntu&Rehat&Suse) and Window are ready. > >> >> >> [EXTERNAL EMAIL] >> >> Does Intel fund OS and application level mitigations of their never-ending >> failure to design or implement anything properly? >> >> It's hard to understand why the victims should pay... >> >> /jl >> >> On 16-Jun-22 07:51, Chen, Alvin W wrote: >>> Hi community, >>> >>> Are there any fixes available to fix this Intel CPU CVE issues on FreeBSD? >>> >>> Regards, >>> > > > Internal Use - Confidential