=====================================================================

                            CERT-Renater

                 Information Note No. 2025/VULN134

_____________________________________________________________________

DATE                : 10/03/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Xen.

=====================================================================
https://lists.xenproject.org/archives/html/xen-announce/2025-03/msg00001.html
_____________________________________________________________________

See:

https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

Right now there are four known but (reasonably) benign microcodes from
a non-AMD source.  However, there is a tool to sign arbitrary
microcode.

In Xen, we've provided a stopgap mitigation to perform extra checks on
microcode load on affected CPU families.  This is a SHA2 digest check
against hashes with believed-good provenance.  This is staging only
for now, in case it is overly disruptive.

This will not protect against an already-compromised platform, but
it will prevent an uncompromised system becoming compromised via
Xen's microcode loading capabilities.

On affected systems, the only complete fix is a firmware update.
This is a very firmly recommended course of action.


Sincerely,

~Andrew, on behalf of the Xen Security Team.
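
The load-time digest check described in the message above, sketched as an
added example (not Xen's code and not part of the original announcement).
The blob layout, function names and sample revisions are assumptions made up
for illustration; the sample blobs are constructed and are not real microcode.

```python
import hashlib
import hmac
import struct

def patch_revision(blob):
    """Revision of the constructed sample format: u32 little-endian at offset 4."""
    if len(blob) < 8:
        raise ValueError("blob too short to carry a revision")
    return struct.unpack_from("<I", blob, 4)[0]

def build_allowlist(trusted_blobs):
    """Map revision -> SHA-256 digest for blobs of believed-good provenance."""
    return {patch_revision(b): hashlib.sha256(b).digest() for b in trusted_blobs}

def may_load(blob, allowlist, affected_family):
    """Return (allowed, reason) for a blob about to be passed to the loader."""
    if not affected_family:
        return True, "family not subject to the extra check"
    try:
        rev = patch_revision(blob)
    except ValueError as exc:
        return False, str(exc)
    expected = allowlist.get(rev)
    if expected is None:
        # Fail closed: a valid-looking signature proves nothing here.
        return False, f"revision {rev:#x} has no known-good digest"
    # Hash the whole blob so a modified body under a known revision is caught.
    if not hmac.compare_digest(hashlib.sha256(blob).digest(), expected):
        return False, f"digest mismatch for revision {rev:#x}"
    return True, f"revision {rev:#x} matches known-good digest"

def _sample(rev, body):
    """Build a constructed test blob: 4 filler bytes, revision, body."""
    return struct.pack("<II", 0, rev) + body

# Constructed sample data, not real microcode.
GOOD = _sample(0x1000, b"\xaa" * 32)
TAMPERED = _sample(0x1000, b"\xaa" * 31 + b"\xab")  # same revision, altered body
UNKNOWN = _sample(0x2000, b"\xcc" * 32)
ALLOWLIST = build_allowlist([GOOD])

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("tampered", TAMPERED), ("unknown", UNKNOWN)]:
        print(name, may_load(blob, ALLOWLIST, affected_family=True))
```

As the message notes, a check of this kind only gates what the loader
accepts; it says nothing about microcode already applied by firmware.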


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
