nzmaa@lemy.lol to Technology@lemmy.worldEnglish · 3 months ago‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infectionswww.wired.comexternal-linkmessage-square53fedilinkarrow-up1220arrow-down136cross-posted to: pcgaming@lemmy.capcmasterrace@lemmit.onlinehardware@lemmy.worldtechnology@hexbear.nettechnology@beehaw.orgpulse_of_truth@infosec.pub
arrow-up1184arrow-down1external-link‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infectionswww.wired.comnzmaa@lemy.lol to Technology@lemmy.worldEnglish · 3 months agomessage-square53fedilinkcross-posted to: pcgaming@lemmy.capcmasterrace@lemmit.onlinehardware@lemmy.worldtechnology@hexbear.nettechnology@beehaw.orgpulse_of_truth@infosec.pub
minus-squareVik@lemmy.worldlinkfedilinkEnglisharrow-up16·3 months agoThe article links to this: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
minus-squareBlackLaZoR@kbin.runlinkfedilinkarrow-up30arrow-down2·3 months ago it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled. If attacker has a ring 0 access he can already screw you up any way he wants
minus-squareVik@lemmy.worldlinkfedilinkEnglisharrow-up9·3 months agothat’s all well and good, I was just responding to someone who wanted the list of affected products
minus-squareWHYAREWEALLCAPS@fedia.iolinkfedilinkarrow-up5·3 months agoIt only mentions ring 0 access in your link, ergo they responded to your post because it was the most appropriate. At least that’s how I see it.
minus-squareVik@lemmy.worldlinkfedilinkEnglisharrow-up1·3 months agoThe link includes ‘CVE-2023-31315’
minus-squareSzethFriendOfNimi@lemmy.worldlinkfedilinkEnglisharrow-up5·3 months agoTrue. This does allow for persistent recurring infection post clean and cold boot. Interesting flaw to keep an eye on.
The article links to this:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
If attacker has a ring 0 access he can already screw you up any way he wants
that’s all well and good, I was just responding to someone who wanted the list of affected products
It only mentions ring 0 access in your link, ergo they responded to your post because it was the most appropriate. At least that’s how I see it.
The link includes ‘CVE-2023-31315’
True. This does allow for persistent recurring infection post clean and cold boot.
Interesting flaw to keep an eye on.