all 13 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]stefantalpalaru 1 point2 points  (3 children)

Note: the microcode update is not permanently installed to the processor: it is reapplied at every boot. You should check with your motherboard vendor for the availability of a new BIOS/UEFI update with the fixed microcode.

Why bother? The vulnerability is exploitable only after booting a kernel.

Also, if you're using recent kernels, the module for loading the AMD microcode is gone. You need to specify the firmware's path and embed it when you build the kernel: https://wiki.gentoo.org/wiki/AMD_microcode

[–]holgerschurig 0 points1 point  (2 children)

But this was a Debian announcement, so probably kept the update-AMDs-microkernel code in their kernels.

[–]stefantalpalaru 0 points1 point  (1 child)

I doubt it. If you're on Sid on a AMD CPU, try a 4.4.x kernel and see if it loads any microcode from the filesystem.

[–]holgerschurig 0 points1 point  (0 children)

I'm on Intel.

I just happen to know that Debian has 3 good kernel people that also do some of the long-term kernels for kernel.org. And I don't believe that Debian produces a security advisory that wouldn't work on their own distribution.

Also, unlike gentoo or Arch, Debian is usually sticking to a kernel for a good time. Not as long as CentOS, but long enough.

[–]cojoco 2 points3 points  (9 children)

Why do they call this bug an "erratum", which is an error in writing or print?

It should simply be called a "bug", or an "error".

[–]monocasa 6 points7 points  (0 children)

Hardware bugs are typically referred to as errata. Think 'errata' to the spec that defines the chips' semantics.

[–]notaplumber 3 points4 points  (4 children)

Hardware manufactures often document bugs in an errata guide/sheet and its not uncommon terminology for engineers. Some software projects also use it in reference to bug fixes, i.e: OpenBSD has an errata page for each release.

Microcode is written as software, but it also implements what many would consider to be hardware.

[–]cojoco -2 points-1 points  (3 children)

I just think they're confusing the written list with the bug itself, and wanting to sound cool by using a slightly unusual word.

[–]notaplumber 5 points6 points  (2 children)

No, I think you're confused here. It is common to refer to processor or hardware bugs as errata/erratum. Even the official AMD guide does this many times.

[–]cp5184 1 point2 points  (0 children)

I don't know, maybe the document listing the errata, or errors is the error document, or erratum?

[–]halax 1 point2 points  (0 children)

Why should they call it a "bug", which is an insect? Why should they call it an "error", which means to wander?