A team of Google researchers working with AMD recently discovered a major CPU exploit on Zen-based processors. The exploit allows anyone with local admin privileges to write and push custom microcode updates to affected CPUs. The same Google team has released the full deep-dive on the exploit, including how to write your own microcode. Anyone can now effectively jailbreak their own AMD CPUs.
The exploit affects all AMD CPUs using the Zen 1 to Zen 4 architectures. AMD released a BIOS patch plugging the exploit shortly after its discovery, but any of the above CPUs with a BIOS patch before 2024-12-17 will be vulnerable to the exploit. Though a malicious actor wishing to abuse this vulnerability needs an extremely high level of access to a system to exploit it, those concerned should update their or their organization’s systems to the most recent BIOS update.
From the article:
helped in no small part by AMD reusing a publicly-accessible NIST example key as its security key
That’s a whole new level of … something.
90% of security vulnerabilities are caused by “let’s just use/do this for now and change it before production”.
coming from jailbreaking iphones, what exactly does jailbreaking a cpu imply in this case?
I figure you can already do what you want in your pc so what “features” was being blocked from users?
deleted by creator
deleted by creator
deleted by creator
deleted by creator
deleted by creator
Any guesses how long it will take for someone to use this jailbreak to get Doom to run on just the CPU?
In theory, at least some of the affected processors should have more than enough cache to run it directly from there, right?Though I have to admit that I don’t understand CPU internals well enough to know if the microcode even has enough control over the chip to make that physically possible.
deleted by creator
