this post was submitted on 09 Aug 2024
184 points (85.9% liked)

Technology

59288 readers
4851 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] riskable@programming.dev 13 points 3 months ago (2 children)

A list of the effected processors would've been nice, Wired.

[–] vikingtons@lemmy.world 16 points 3 months ago (1 children)
[–] BlackLaZoR@kbin.run 28 points 3 months ago (2 children)

it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.

If attacker has a ring 0 access he can already screw you up any way he wants

[–] vikingtons@lemmy.world 9 points 3 months ago (1 children)

that's all well and good, I was just responding to someone who wanted the list of affected products

[–] WHYAREWEALLCAPS@fedia.io 5 points 3 months ago (1 children)

It only mentions ring 0 access in your link, ergo they responded to your post because it was the most appropriate. At least that's how I see it.

[–] vikingtons@lemmy.world 1 points 3 months ago

The link includes 'CVE-2023-31315'

[–] SzethFriendOfNimi@lemmy.world 5 points 3 months ago

True. This does allow for persistent recurring infection post clean and cold boot.

Interesting flaw to keep an eye on.

[–] mox@lemmy.sdf.org 5 points 3 months ago* (last edited 3 months ago)

AMD hadn't published a list when the article was first run, but it has since been updated:

but it pointed to a full list of affected products that can be found on its website's [security bulletin page](but it pointed to a full list of affected products that can be found on its website's security bulletin page..