On Sat, 21 Mar 2020, Adam D. Barratt wrote: > On Sun, 2020-03-15 at 21:37 +0100, Anton Gladky wrote: > > I have prepared an update for amd64-microcode for Debian Stretch, > > which fixes CVE-2017-5715. Please see an attached debdiff. > > > > This is the newer upstream version, which fixes CVE-2017-5715. > > Security team marked this CVE for Stretch as <no-dsa> [1]. > > Do you have any input / thoughts on this proposed update?
The microcode might be safe enough, we don't have regressions reported against the lastest one (which is just a revert by AMD of an update that did cause regressions when not applied through UEFI). But that's with recent kernels. I have no idea about the kernel codepaths it might activate, though, if new MSRs are exposed. -- Henrique Holschuh
