Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

-8 points
*
Deleted by creator
permalink
report
reply
3 points
Deleted by creator
permalink
report
parent
reply
3 points

Some people really don’t think before they speak do they

permalink
report
parent
reply
40 points

What are you on about?

Ryzen 3xxx series processors are still being sold new today

The oldest zen processors are only just over half a decade old—a consumer CPU should be expected to be in service at least double that time.

permalink
report
parent
reply
-9 points

AMD is producing them new or your local shop us? Because AMD doesnt care about your local tech shop dead stock.

permalink
report
parent
reply
3 points

Maybe they should, and also care about the many people still using these processors that are not very old.

permalink
report
parent
reply
2 points

Support should be 5 years after End of Life or end of Manufacturing date.

permalink
report
parent
reply
11 points

The Ryzen 5 3600 is from 2019. The XT refreshes so Ryzen 5 3600xt from mid 2020

permalink
report
parent
reply
52 points

They aren’t patching CPUs that were released 5 years ago.

They should be patching back to Ryzen 1 since those are still perfectly good CPUs. 5-7 years really isn’t that old considering how little improvement there is with each generation.

permalink
report
parent
reply
1 point

Sure, not much per gen, but if you compare say a 1700x vs the current 9700x, you are roughly looking at a 3x improvement in single and multicore performance increase.

permalink
report
parent
reply
15 points

Most of desktop users don’t care at all about these gains. Slap in normal ram and an SSD and a 1000 series Ryzen is ready to be a run of the mill desktop, that browses and can show media no problem.

I care! But I’m a power user. Most aren’t.

permalink
report
parent
reply
1 point

@just_another_person @TheHolm where do you get the 15 year old hardware from?

permalink
report
parent
reply
7 points

3600 was released in 2019. And it they was making it for at least 2 years.

permalink
report
parent
reply
21 points

My threadripper 1950x is from 2017… and is the cpu powering my primary hypervisor perfectly fine. That’s not 18 years ago, that’s not even 8 years ago.

permalink
report
parent
reply
13 points

Ryzen 2000 and 3000 are still fairly recent and were announced 5-6 years ago.

permalink
report
parent
reply
26 points
Removed by mod
permalink
report
reply
5 points

wake up samurai

permalink
report
parent
reply
-14 points
Removed by mod
permalink
report
parent
reply
2 points

you need a mental evaluation

permalink
report
parent
reply
55 points

The enterprise models are getting patched but the consumer ones aren’t. Shame on them.

permalink
report
reply
12 points

Consumer usage is not really concerned by the attack scenario of this vulnerability from what I understand. The prerequisite is to have access to the bios so it’s already game over at this point.

permalink
report
parent
reply
3 points

Chip makes should not only treat customer CPUs as possibly-business hardware when adding shit like (Intel) ME, Pluton and (AMD) PSP, but also when patching serious vulnerabilities and providing support!

permalink
report
parent
reply
1 point

Agreed, firmware security by chip manufacturers has been underwhelming to say the least and we can blame them for that. But in this specific instance I still don’t see the benefit of a fix for consumer usage. Companies have a responsibility and accountability toward their users, so a fix is due, for personal laptops/PCs the threat is toward the owners themselves (activists, diplomats, journalists, etc.). The latter do not buy second hand equipment, and if the firmware is compromised while they own it, they are already in danger.

permalink
report
parent
reply
3 points

When you pay for enterprise equipment, you are typically paying a premium for longer, more robust support. Consumer products are less expensive because they don’t get this support.

permalink
report
parent
reply
6 points

Sure, but that feels a little bit like saying “We don’t need guards inside the prison, because we already have them patrolling around the perimeter.”

permalink
report
parent
reply
5 points

I like my eBay “business” class machines

permalink
report
parent
reply
5 points

Any news on the “pro” line? They were installed on business PCs and had additional security features built in. For instance there is a 3600 pro model.

permalink
report
parent
reply
79 points

Attackers need to access the system kernel to exploit the Sinkclose vulnerability, so the system would have to already be compromised. The hack itself is a sophisticated vector that is usually only used by state-sponsored hackers, so most casual users should take that into account.

So it’s a vulnerability that requires you to.already have been compromised. Hardly seems like news.

I can understand AMD only patching server chips that by definition will be under greater threat. On the other hand it’s probably not worth the bad publicity not to fix more.

permalink
report
reply
28 points

The reason that this is news is because it allows malware to embed itself into the processor microcode once kernel is breached. IE: If it is exploited for compromise, you either have to have the knowledge and hardware to reset the processor microcode manually (Requires an SPI flash tool) or you toss the hardware entirely. There’s no just ‘blow the drive away and reinstall the OS’ solution available.

permalink
report
parent
reply
13 points

And that introduces a specific type of supply chain threat: someone who possesses a computer can infect their own computer, sell it or transfer it to the target, and then use the embedded microcode against the target, even if the target completely reformats and reinstalls a new OS from scratch.

That’s not going to affect most people, but for certain types of high value targets they now need to make sure that the hardware they buy hasn’t already been infected in the supply chain.

permalink
report
parent
reply
1 point

I don’t think it gets to the microcode but the UEFI.

permalink
report
parent
reply
18 points

This sounds weird. I was in the impression that operating systems load updated cpu microcode at every boot, because it does not survive a power cycle, and because the one embedded in the BIOS/UEFI firmware is very often outdated. But then how exactly can a virus persist itself for practically forever?

permalink
report
parent
reply
4 points

The OS can’t get to the point of loading cpu microcode without that outdated, embedded microcode. The reason it can persist is because there aren’t a lot of good ways to see what that UEFI microcode actually is once it’s installed. Plus, only the UEFI tells you that it has successfully updated itself. There is no other more authoritative system to verify that against. So the virus could just lie and say it’s gone and you would never know. Hence needing to treat it as the worst case scenario, that it never leaves.

permalink
report
parent
reply
2 points

I personally agree. I think it’s being somewhat overhyped. If step one is physical access to get things rolling… like for sure some machines are in more public areas than others. But for me, someone would have to break into my house first, then access my machine, just to run exploits later. The exploit is pretty massive, but I think needs to be tempered with “first they need physical access”. Because physically controlling machines has always been number 1 for security.

permalink
report
parent
reply
13 points

That being said it builds up vulnerabilities in anti-cheats to another beautiful crowstrike like domino cluster fuck

permalink
report
parent
reply
16 points

It’s important because it allows them to directly modify the CPU’s microcode. Basically, the CPU has its own set of instructions, called microcode, which controls how the chip functions on a physical level. If they manage to change your microcode, even a full system reformat won’t kill the virus; You’ll need to either re-flash the CPU (which is not something the standard user or even power user will know how to do) or replace the entire CPU.

permalink
report
parent
reply
0 points

Welp, glad I avoided that

permalink
report
reply

Selfhosted

!selfhosted@lemmy.world

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

Community stats

  • 3.7K

    Monthly active users

  • 2K

    Posts

  • 23K

    Comments