Security

5154 readers

10 users here now

Confidentiality Integrity Availability

founded 5 years ago

MODERATORS

AMD Zen 1 through Zen 4 CPUs use an insecure hash function in the signature validation for microcode updates; researchers released a proof of concept update which makes the RDRAND instruction return 4 (github.com)

submitted 1 day ago* (last edited 1 day ago) by cypherpunks@lemmy.ml to c/security@lemmy.ml

3 comments fedilink hide all child comments

for readers missing the significance of the number 4 in the proof of concept: to demonstrate this vulnerability the researchers created a microcode update which replaces the "hardware" random number generator behind the RDRAND instruction with an implementation of xkcd#221 😭

top 3 comments

sorted by: hot top controversial new old

[–] davel@lemmy.ml 6 points 1 day ago (1 children)

4? That's amazing! I've got the same RDRAND instruction on my luggage!

[–] cypherpunks@lemmy.ml 7 points 1 day ago

screenshot of the moment in the 1987 film Spaceballs when President Skroob (Mel Brooks) says "That's amazing! I've got the same combination on my luggage!". (no text)

[–] whostosay@lemmy.world 2 points 1 day ago

In practical terms, can someone explain what this means? Ring 0 from outside a VM.

That would mean that if I were to have an image of an OS, as long as I have local admin while loading this on a VM, I would be able to run code as root?