'You can now jailbreak your AMD CPU' — Google researchers release kit to exploit microcode vulnerability in Ryzen Zen 1 to Zen 4 chips

Submitted ⁨⁨2⁩ ⁨months⁩ ago⁩ by ⁨misk@sopuli.xyz⁩ to ⁨technology@beehaw.org⁩

https://www.tomshardware.com/pc-components/cpus/you-can-now-jailbreak-your-amd-cpu-google-researchers-release-kit-to-exploit-microcode-vulnerability-in-zen-1-to-zen-4-chips

source

Comments

Sort:hotnew top

vk6flab@lemmy.radio ⁨2⁩ ⁨months⁩ ago
From the article:

helped in no small part by AMD reusing a publicly-accessible NIST example key as its security key

That’s a whole new level of … something.

source
- jmcs@discuss.tchncs.de ⁨2⁩ ⁨months⁩ ago
  90% of security vulnerabilities are caused by “let’s just use/do this for now and change it before production”.
  
  source
  - vk6flab@lemmy.radio ⁨2⁩ ⁨months⁩ ago
    What does the fix look like?
    
    Code scanners? Hackathons? Code review by new hires? Education? Methodology?
    
    source
    -> View More Comments
- sanpo@sopuli.xyz ⁨2⁩ ⁨months⁩ ago
  I’d like that to be “new”, but… It’s not exactly the first time this exact thing happened in tech.
  
  source
  - vk6flab@lemmy.radio ⁨2⁩ ⁨months⁩ ago
    I spent quite some time trying to find a better way to put it, but stupid, idiot, ignorance, incredulity just didn’t seem to cover the experience of WTAF?
    
    source
ByteSorcerer@beehaw.org ⁨2⁩ ⁨months⁩ ago
Any guesses how long it will take for someone to use this jailbreak to get Doom to run on just the CPU?
In theory, at least some of the affected processors should have more than enough cache to run it directly from there, right?

Though I have to admit that I don’t understand CPU internals well enough to know if the microcode even has enough control over the chip to make that physically possible.

source
noddy@beehaw.org ⁨2⁩ ⁨months⁩ ago
Perhaps this could be used to jailbreak the PS5 🤔

source