509

AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose'(www.tomshardware.com)

posted
by
Avatar
TheHolm@aussie.zone
in
Avatar
selfhosted@lemmy.world
183 comments
hidereport

Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
KoalaUnknown@lemmy.world
55 points

The enterprise models are getting patched but the consumer ones aren’t. Shame on them.

permalink
report
reply
Avatar
nlgranger@lemmy.world
12 points

Consumer usage is not really concerned by the attack scenario of this vulnerability from what I understand. The prerequisite is to have access to the bios so it’s already game over at this point.

permalink
report
parent
reply
Avatar
WhyJiffie@sh.itjust.works
3 points

Chip makes should not only treat customer CPUs as possibly-business hardware when adding shit like (Intel) ME, Pluton and (AMD) PSP, but also when patching serious vulnerabilities and providing support!

permalink
report
parent
reply
Avatar
nlgranger@lemmy.world
1 point

Agreed, firmware security by chip manufacturers has been underwhelming to say the least and we can blame them for that. But in this specific instance I still don’t see the benefit of a fix for consumer usage. Companies have a responsibility and accountability toward their users, so a fix is due, for personal laptops/PCs the threat is toward the owners themselves (activists, diplomats, journalists, etc.). The latter do not buy second hand equipment, and if the firmware is compromised while they own it, they are already in danger.

permalink
report
parent
reply
Show more comments
Avatar
hangonasecond@lemmy.world
3 points

When you pay for enterprise equipment, you are typically paying a premium for longer, more robust support. Consumer products are less expensive because they don’t get this support.

permalink
report
parent
reply
Show more comments
Avatar
PM_Your_Nudes_Please@lemmy.world
6 points

Sure, but that feels a little bit like saying “We don’t need guards inside the prison, because we already have them patrolling around the perimeter.”

permalink
report
parent
reply
Avatar
Possibly linux@lemmy.zip
5 points

I like my eBay “business” class machines

permalink
report
parent
reply
Avatar
PriorityMotif@lemmy.world
5 points

Any news on the “pro” line? They were installed on business PCs and had additional security features built in. For instance there is a 3600 pro model.

permalink
report
parent
reply

Selfhosted

!selfhosted@lemmy.world

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

Community stats

  • 5K

    Monthly active users

  • 1.7K

    Posts

  • 18K

    Comments

Community moderators