You are only browsing one thread in the discussion! All comments are available on the post page.

Return

TheGrandNagus , (edited )

This flaw allows attackers with local administrator privileges to bypass AMD's cryptographic verification system and install custom microcode updates on affected CPUs.

If you already have local administrator privileges, you have access to the system and its data anyway. Doesn't seem that critical a flaw. It doesn't even survive reboots.

Regardless, AMD has already issued a fix.

devfuuu ,

It sound's more like a feature.

palordrolap ,

local administrator privileges

... are used by distro update mechanisms and very few people turn those off, even if they don't use elevated privileges for anything else.

Admittedly, it's unlikely that a distro's repository will end up with a compromised microcode package, but it's not impossible (Remember the 7zip debacle?). And if it happens, you can be sure that whoever designs the payload will use the temporary access to install something ugly that has more permanent access.

But as you say, AMD have issued a fix. And that'd be why.

Rin ,

7z? You mean xz??

palordrolap ,

Whoops. It looks like I conflated it with the more recent 7zip vulnerability, which didn't affect Linux much at all.

Just goes to show how often these things crop up though.

wewbull ,

That's not a flaw. That's a right to repair requirement.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • technology@lemmy.world
  • Rutgers
  • PowerRangers
  • MidnightClan
  • bjj
  • WatchParties
  • Lexington
  • WarhammerFantasy
  • neondivide
  • fandic
  • learnviet
  • space_engine
  • Mordhau
  • itdept
  • fakemon
  • RetroGamingNetwork
  • khanate
  • electropalaeography
  • steinbach
  • cragsand
  • writinghelp
  • fractal_field_painting
  • supersentai
  • Shitlemmysays
  • TFTactics
  • Catalina
  • elakiri
  • electionshenanigans
  • cincin
  • All magazines
    •