Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.
If you have kernel access you can already do almost everything so a vulnerability on top of that isn’t that bad since no one should have kernel access to your computer
It means it’s what we in the trade call “a nothingburger”. On Windows you need to explicitly install a malicious driver (which in turn requires to you to disable signature verification), on Linux you’d have to load a malicious kernel module (which requires pasting commands as root, and it would probably be proprietary since it has malware to hide and as every nvidia user knows, proprietary kernel modules break with kernel updates)
Requires kernel-level access. Also AMD is “releasing mitigations,” so is it “unfixable?”
If you have kernel access you can already do almost everything so a vulnerability on top of that isn’t that bad since no one should have kernel access to your computer
You mean like Crowdstrike?
MostAll antivirus software runs at kernel levelWhat does that mean to the rest of us?
It means it’s what we in the trade call “a nothingburger”. On Windows you need to explicitly install a malicious driver (which in turn requires to you to disable signature verification), on Linux you’d have to load a malicious kernel module (which requires pasting commands as root, and it would probably be proprietary since it has malware to hide and as every nvidia user knows, proprietary kernel modules break with kernel updates)
Not to be contrarian, but hackers have signed malicious code with compromised Microsoft driver certificates, so it’s not out of the question that it could be snuck in without having to turn off signing.