this post was submitted on 11 Mar 2025
171 points (94.3% liked)

Technology

66067 readers
4695 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
171
Google researchers uncover critical security flaw in all AMD Zen processors (www.techspot.com)
submitted 1 day ago by floofloof@lemmy.ca to c/technology@lemmy.world
18 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] TheGrandNagus@lemmy.world 148 points 1 day ago* (last edited 1 day ago) (13 children)

This flaw allows attackers with local administrator privileges to bypass AMD's cryptographic verification system and install custom microcode updates on affected CPUs.

If you already have local administrator privileges, you have access to the system and its data anyway. Doesn't seem that critical a flaw. It doesn't even survive reboots.

Regardless, AMD has already issued a fix.

[–] Toes@ani.social 23 points 1 day ago* (last edited 1 day ago) (8 children)

Edit: seems I may be mistaken.

If I'm understanding this correctly this opens up the door to a serious type of rootkit.

It's not a matter of attackers having access to the data. It's that they have replaced your hardware with malicious hardware.

Additionally It can be trivial to gain administrative capacity on a personal computer. But in a regular case you can just reinstall the operating system. This would survive that.

[–] Dark_Arc@social.packetloss.gg 24 points 1 day ago* (last edited 1 day ago) (1 children)

On some level yes, but reading the article nothing persist between boots. This seems like a vulnerability that's really only that serious A if you don't apply AMDs patched micro code and B there's another vulnerability on your system that lets this persist between operating system reinstall/in the BIOS.

[–] kusivittula@sopuli.xyz 3 points 19 hours ago (1 children)

I'm having hard time understanding how the microcode patch is delivered. system updater or bios update? I'm fucked if it's a bios update cos my shitty gigabyte mobo won't detect the files

[–] lengau@midwest.social 3 points 14 hours ago (1 children)

Your OS can load the microcode. Most Linux distros will load the latest microcode during boot. Some will even update the microcode when it gets the new microcode from the distro repositories. This facility exists specifically because motherboard vendors are terrible about providing updates.

[–] Infernal_pizza@lemm.ee 1 points 3 hours ago

Except the AMD microcode package doesn't cover most consumer grade CPUs

load more comments (6 replies)
load more comments (10 replies)