top | item 36856367

(no title)

slome | 2 years ago

OpenBSD only implemented loading AMD firmware two days after AMD published updated microcode to fix Zenbleed. Which makes me believe they were not among the "major kernels", vendors or other entities that got a heads up of this vulnerability which happened over two month prior.

Whether they were last to be in the know or not, i applaud them for being one of the first to have patches out for their latest two stable releases (7.2 and 7.3).

discuss

antod|2 years ago

Don't know if it was still the case, but OpenBSD would not get early vuln info because they wouldn't sit on embargoes and would patch right away.

ori_b|2 years ago

This is untrue. OpenBSD pushes to release as early as possible, but if they're on an embargo, they've respected it.

dralley|2 years ago

It's possible they knew just enough to know that they needed to implement firmware loading, without knowing the full details of the vulnerability.