AMD confirms security vulnerability in every Zen 1 to Zen 5 processor
AMD confirms security vulnerability in every Zen 1 to Zen 5 processor
www.tweaktown.com
Just a moment...
10 comments
-
EntrySign is a vulnerability that enables attackers with ring 0 or kernel-level access to bypass safeguards.
So almost no security impact and no performance change?
-
no performance change
You must be new here.
Joking. In reality it depends.
The first iteration of this comment had a cheeky observation about the performance impact of these CPU mitigations on Linux, some of which have nearly no real world threat to people not running cloud providers.
And while that's true to a degree, tests disabling some or all of the most modern set of mitigations show that most have become highly optimized and the CPUs themselves have iterated over time to increase the performance of the mitigations as well.
And many of these CPU vulnerabilities actually had in the wild use and can still do horrible things with very little surface exposure from your system. Apologies to the people who read the first version of this comment and took the time to rightly push back.
-
weakness in signature verification algorithm that could allow an administrator privileged attacker to load arbitrary microcode patches
I don't think this will affect performance unless you depend on having to quickly update the CPU microcode multiple times a second.
-
Running untrusted Javascript code from the internet without security mitigations is a bad idea. It's maybe excusable for servers but it still increases the risk of container break out if one of the 100 containers you're running is attacked.
-
-
-
How do I update through linux?
-
Maybe fwupd?
-
You update through UEFI
-
-
Sounds terrible, but fortunately an update is available
10 comments