this post was submitted on 04 Feb 2025
32 points (100.0% liked)

Security

5154 readers
5 users here now

Confidentiality Integrity Availability

founded 5 years ago
MODERATORS
gary_host_laptop@lemmy.ml
32
AMD Zen 1 through Zen 4 CPUs use an insecure hash function in the signature validation for microcode updates; researchers released a proof of concept update which makes the RDRAND instruction return 4 (github.com)
submitted 1 day ago* (last edited 1 day ago) by cypherpunks@lemmy.ml to c/security@lemmy.ml
3 comments fedilink hide all child comments
 

for readers missing the significance of the number 4 in the proof of concept: to demonstrate this vulnerability the researchers created a microcode update which replaces the "hardware" random number generator behind the RDRAND instruction with an implementation of xkcd#221 ๐Ÿ˜ญ

you are viewing a single comment's thread
view the rest of the comments
[โ€“] whostosay@lemmy.world 2 points 1 day ago

In practical terms, can someone explain what this means? Ring 0 from outside a VM.

That would mean that if I were to have an image of an OS, as long as I have local admin while loading this on a VM, I would be able to run code as root?