Glad this is being addressed in coreboot. According to
https://kb.cert.org/vuls/id/796611 Insyde's UEFI implementation currently
has 23 SMM vulnerabilities researched and disclosed by the company
binarly.io and there is no telling if and when the vendors downstream apply
the fixes and release BIOS
The branches for 4.14, .15, and 4.16 are created and ready for patches
to be pushed.
After the patches are merged, I'll handle the releases.
Martin
On Mon, Apr 25, 2022 at 11:54 PM Shawn C wrote:
>
> Nice hunt, Arthur! The attack surface in coreboot is lesser than UEFI but the
> misconfig
Nice hunt, Arthur! The attack surface in coreboot is lesser than UEFI but the
misconfig during the setup will lead to serious issue. This one is neat and
worth a CVE. Please use CVE-2022-29264 as record:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29264
regards
Shawn
---
Apr 12, 2022, 10:25 by insu...@riseup.net:
>
> On 4/12/22 10:17, Nico Huber wrote:
>
>> Hello Insurgo,
>>
>> On 12.04.22 16:01, Insurgo Technologies Libres / Open Technologies wrote:
>>
>>> On April 12, 2022 8:55:56 AM UTC, Arthur Heymans
>>> wrote:
>>>
> Would it make sense to backport
On 4/12/22 10:17, Nico Huber wrote:
Hello Insurgo,
On 12.04.22 16:01, Insurgo Technologies Libres / Open Technologies wrote:
On April 12, 2022 8:55:56 AM UTC, Arthur Heymans
wrote:
Would it make sense to backport your fix to old releases and bump
those release numbers to a .1 on the end?
Hello Insurgo,
On 12.04.22 16:01, Insurgo Technologies Libres / Open Technologies wrote:
> On April 12, 2022 8:55:56 AM UTC, Arthur Heymans wrote:
>>> Would it make sense to backport your fix to old releases and bump
>>> those release numbers to a .1 on the end?
>>>
>>
>> Some see releases as
On April 12, 2022 8:55:56 AM UTC, Arthur Heymans wrote:
>Hi
>
>Would it make sense to backport your fix to old releases and bump
>> those release numbers to a .1 on the end?
>>
>
>Some see releases as mere synchronization tags & nice PR.
>Some releases are also branches in gerrit but there are
Arthur Heymans wrote:
> > Would it make sense to backport your fix to old releases and bump
> > those release numbers to a .1 on the end?
..
> It's a bit weird to have releases that you'd have to advertise as *don't
> use*, but I've seen us do that in the past (because issues are quite often
>
Hi
Would it make sense to backport your fix to old releases and bump
> those release numbers to a .1 on the end?
>
Some see releases as mere synchronization tags & nice PR.
Some releases are also branches in gerrit but there are none affected by
this (latest is 4.12 and it was introduced in
Arthur Heymans wrote:
> I think this issue might affect a lot more systems than I initially thought.
Would it make sense to backport your fix to old releases and bump
those release numbers to a .1 on the end?
//Peter
___
coreboot mailing list --
Hi
I did some testing on real hardware with an Intel Coffeelake system on
whether
vectoring out of TSEG is prohibited by the hardware, which I assumed would
be the case.
It's *not* the case! Vectoring out of TSEG does succeed so this issue
really affects modern hardware.
So I think this issue
11 matches
Mail list logo