[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Jan 5 08:22:43 EST 2018
On 2018-01-04, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2018-01-04 18:28:09 +0000, Simon Clubley said:
>
>> On 2018-01-04, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>> (and then there's that OpenVMS RCE I've been sitting on for a couple of years),
>>
>> Have you considered forcing the issue with that one ?
>
> To what end? VSI is clearly already flat out.
Because if you and I can find these types of security issues then
so can the bad guys.
> I've intentionally not
> commented on the details of the supervisor-to-privileges path, either.
>
That one needs to be discussed because there are wider implications.
However, my self-imposed embargo until the beginning of March still
stands so I will not be discussing any additional details until then.
>> If nothing has happened after a couple of years of waiting, what makes
>> you think it's likely to be fixed soon ?
>
> Because some of the security infrastructure work that VSI has underway
> can eventually be used to mitigate the RCE.
Excellent, that's good news.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list