Technology

39605 readers

322 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago

MODERATORS

[email protected]

'You can now jailbreak your AMD CPU' — Google researchers release kit to exploit microcode vulnerability in Ryzen Zen 1 to Zen 4 chips (www.tomshardware.com)

submitted 4 months ago* (last edited 4 months ago) by [email protected] to c/[email protected]

13 comments fedilink hide all child comments

A team of Google researchers working with AMD recently discovered a major CPU exploit on Zen-based processors. The exploit allows anyone with local admin privileges to write and push custom microcode updates to affected CPUs. The same Google team has released the full deep-dive on the exploit, including how to write your own microcode. Anyone can now effectively jailbreak their own AMD CPUs.

The exploit affects all AMD CPUs using the Zen 1 to Zen 4 architectures. AMD released a BIOS patch plugging the exploit shortly after its discovery, but any of the above CPUs with a BIOS patch before 2024-12-17 will be vulnerable to the exploit. Though a malicious actor wishing to abuse this vulnerability needs an extremely high level of access to a system to exploit it, those concerned should update their or their organization's systems to the most recent BIOS update.

all 18 comments

sorted by: hot top controversial new old

[–] [email protected] 61 points 4 months ago (2 children)

From the article:

helped in no small part by AMD reusing a publicly-accessible NIST example key as its security key

That's a whole new level of .. something.

[–] [email protected] 31 points 4 months ago (1 children)

90% of security vulnerabilities are caused by "let's just use/do this for now and change it before production".

[–] [email protected] 5 points 4 months ago (1 children)

What does the fix look like?

Code scanners? Hackathons? Code review by new hires? Education? Methodology?

[–] [email protected] 5 points 4 months ago

All of the above and more? There's always the risk of something falling through the cracks, so the more layers of security measures you add/can afford the better.

[–] [email protected] 10 points 4 months ago (1 children)

I'd like that to be "new", but... It's not exactly the first time this exact thing happened in tech.

[–] [email protected] 6 points 4 months ago

I spent quite some time trying to find a better way to put it, but stupid, idiot, ignorance, incredulity just didn't seem to cover the experience of WTAF?

[–] [email protected] 11 points 4 months ago (1 children)

Any guesses how long it will take for someone to use this jailbreak to get Doom to run on just the CPU?
In theory, at least some of the affected processors should have more than enough cache to run it directly from there, right?

Though I have to admit that I don't understand CPU internals well enough to know if the microcode even has enough control over the chip to make that physically possible.

[+] [email protected] 8 points 4 months ago* (last edited 1 month ago) (3 children)

[deleted]

[–] [email protected] 5 points 4 months ago* (last edited 4 months ago)

Microcode is used to „patch” a CPU in case bugs are found and allows tweaks to very low level logic. From the original research paper it looks like understanding microcode is a challenge, let alone writing new microcode. In all likelihood this will be used for more research and reverse engineering of things that are trade secrets closed from public knowledge.

Now that we have examined the vulnerability that enables arbitrary microcode patches to be installed on all (un-patched) Zen 1 through Zen 4 CPUs, let's discuss how you can use and expand our tools to author your own patches. We have been working on developing a collection of tools combined into a single project we’re calling zentool. The long-term goal is to provide a suite of capabilities similar to binutils, but targeting AMD microcode instead of CPU machine code. You can find the project source code here along with documentation on how to use the tools.

The zentool suite consists of tools for microcode patch examination including limited disassembly, microcode patch authoring using a limited amount of reverse engineered assembly, microcode patch signing, and microcode patch loading. We plan to also release details on how to decrypt and encrypt microcode patches in the future. A significant portion of the ongoing research is focused on building an accurate understanding of the AMD microcode instruction set – the current disassembly and assembly are not always accurate due to this challenge.

[–] [email protected] 1 points 4 months ago (1 children)

You can jailbreak your tesla to give you heated seats without paying that clown. For starters.

[–] [email protected] 2 points 4 months ago

You said the phrase, so I unfortunately need to share this music video. My apologies.

[–] [email protected] 3 points 4 months ago

Perhaps this could be used to jailbreak the PS5 🤔