This flaw allows attackers with local administrator privileges to bypass AMD’s cryptographic verification system and install custom microcode updates on affected CPUs.
If you already have local administrator privileges, you have access to the system and its data anyway. Doesn’t seem that critical a flaw. It doesn’t even survive reboots.
Regardless, AMD has already issued a fix.
That’s not a flaw. That’s a right to repair requirement.
It sound’s more like a feature.
The researchers discovered that AMD had been using a publicly available example key from NIST documentation since Zen 1…
The perils of cut/paste
Could this be used to develop homebrew microcode? Could we finally disable the PSP with this?
We already have a few “microcode” jailbreaks
If making the PRNG on your CPU predictable can compromise your whole system, then your kernel is not doing its job.
