Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

You are viewing a single thread.
View all comments
79 points

Attackers need to access the system kernel to exploit the Sinkclose vulnerability, so the system would have to already be compromised. The hack itself is a sophisticated vector that is usually only used by state-sponsored hackers, so most casual users should take that into account.

So it’s a vulnerability that requires you to.already have been compromised. Hardly seems like news.

I can understand AMD only patching server chips that by definition will be under greater threat. On the other hand it’s probably not worth the bad publicity not to fix more.

permalink
report
reply
28 points

The reason that this is news is because it allows malware to embed itself into the processor microcode once kernel is breached. IE: If it is exploited for compromise, you either have to have the knowledge and hardware to reset the processor microcode manually (Requires an SPI flash tool) or you toss the hardware entirely. There’s no just ‘blow the drive away and reinstall the OS’ solution available.

permalink
report
parent
reply
18 points

This sounds weird. I was in the impression that operating systems load updated cpu microcode at every boot, because it does not survive a power cycle, and because the one embedded in the BIOS/UEFI firmware is very often outdated. But then how exactly can a virus persist itself for practically forever?

permalink
report
parent
reply
4 points

The OS can’t get to the point of loading cpu microcode without that outdated, embedded microcode. The reason it can persist is because there aren’t a lot of good ways to see what that UEFI microcode actually is once it’s installed. Plus, only the UEFI tells you that it has successfully updated itself. There is no other more authoritative system to verify that against. So the virus could just lie and say it’s gone and you would never know. Hence needing to treat it as the worst case scenario, that it never leaves.

permalink
report
parent
reply
13 points

And that introduces a specific type of supply chain threat: someone who possesses a computer can infect their own computer, sell it or transfer it to the target, and then use the embedded microcode against the target, even if the target completely reformats and reinstalls a new OS from scratch.

That’s not going to affect most people, but for certain types of high value targets they now need to make sure that the hardware they buy hasn’t already been infected in the supply chain.

permalink
report
parent
reply
1 point

I don’t think it gets to the microcode but the UEFI.

permalink
report
parent
reply
16 points

It’s important because it allows them to directly modify the CPU’s microcode. Basically, the CPU has its own set of instructions, called microcode, which controls how the chip functions on a physical level. If they manage to change your microcode, even a full system reformat won’t kill the virus; You’ll need to either re-flash the CPU (which is not something the standard user or even power user will know how to do) or replace the entire CPU.

permalink
report
parent
reply
13 points

That being said it builds up vulnerabilities in anti-cheats to another beautiful crowstrike like domino cluster fuck

permalink
report
parent
reply
2 points

I personally agree. I think it’s being somewhat overhyped. If step one is physical access to get things rolling… like for sure some machines are in more public areas than others. But for me, someone would have to break into my house first, then access my machine, just to run exploits later. The exploit is pretty massive, but I think needs to be tempered with “first they need physical access”. Because physically controlling machines has always been number 1 for security.

permalink
report
parent
reply

Selfhosted

!selfhosted@lemmy.world

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

Community stats

  • 3.7K

    Monthly active users

  • 2K

    Posts

  • 23K

    Comments