this post was submitted on 07 Mar 2025
65 points (100.0% liked)

Technology

38631 readers
116 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
65
'You can now jailbreak your AMD CPU' — Google researchers release kit to exploit microcode vulnerability in Ryzen Zen 1 to Zen 4 chips (www.tomshardware.com)
submitted 2 months ago* (last edited 2 months ago) by misk@sopuli.xyz to c/technology@beehaw.org
14 comments fedilink hide all child comments
 

A team of Google researchers working with AMD recently discovered a major CPU exploit on Zen-based processors. The exploit allows anyone with local admin privileges to write and push custom microcode updates to affected CPUs. The same Google team has released the full deep-dive on the exploit, including how to write your own microcode. Anyone can now effectively jailbreak their own AMD CPUs.

The exploit affects all AMD CPUs using the Zen 1 to Zen 4 architectures. AMD released a BIOS patch plugging the exploit shortly after its discovery, but any of the above CPUs with a BIOS patch before 2024-12-17 will be vulnerable to the exploit. Though a malicious actor wishing to abuse this vulnerability needs an extremely high level of access to a system to exploit it, those concerned should update their or their organization's systems to the most recent BIOS update.

you are viewing a single comment's thread
view the rest of the comments
[–] vk6flab@lemmy.radio 61 points 2 months ago (2 children)

From the article:

helped in no small part by AMD reusing a publicly-accessible NIST example key as its security key

That's a whole new level of .. something.

[–] jmcs@discuss.tchncs.de 31 points 2 months ago (1 children)

90% of security vulnerabilities are caused by "let's just use/do this for now and change it before production".

[–] vk6flab@lemmy.radio 5 points 2 months ago (1 children)

What does the fix look like?

Code scanners? Hackathons? Code review by new hires? Education? Methodology?

[–] jmcs@discuss.tchncs.de 5 points 2 months ago

All of the above and more? There's always the risk of something falling through the cracks, so the more layers of security measures you add/can afford the better.

[–] sanpo@sopuli.xyz 10 points 2 months ago (1 children)

I'd like that to be "new", but... It's not exactly the first time this exact thing happened in tech.

[–] vk6flab@lemmy.radio 6 points 2 months ago

I spent quite some time trying to find a better way to put it, but stupid, idiot, ignorance, incredulity just didn't seem to cover the experience of WTAF?