this post was submitted on 11 Mar 2025
157 points (93.9% liked)
Technology
65819 readers
5133 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If you already have local administrator privileges, you have access to the system and its data anyway. Doesn't seem that critical a flaw. It doesn't even survive reboots.
Regardless, AMD has already issued a fix.
... are used by distro update mechanisms and very few people turn those off, even if they don't use elevated privileges for anything else.
Admittedly, it's unlikely that a distro's repository will end up with a compromised microcode package, but it's not impossible (Remember the 7zip debacle?). And if it happens, you can be sure that whoever designs the payload will use the temporary access to install something ugly that has more permanent access.
But as you say, AMD have issued a fix. And that'd be why.
7z? You mean xz??