Cybersecurity

5404 readers

90 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

New AMD SinkClose flaw helps install nearly undetectable malware (www.bleepingcomputer.com)

submitted 1 month ago by DocMcStuffin@lemmy.world to c/cybersecurity@sh.itjust.works

20 comments fedilink hide all child comments

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.

Tracked as CVE-2023-31315 and rated of high severity (CVSS score: 7.5), the flaw was discovered by IOActive Enrique Nissim and Krzysztof Okupski, who named privilege elevation attack 'Sinkclose.'

Full details about the attack will be presented by the researchers at tomorrow in a DefCon talk titled "AMD Sinkclose: Universal Ring-2 Privilege Escalation."

you are viewing a single comment's thread
view the rest of the comments

[–] DarkThoughts@fedia.io -1 points 1 month ago* (last edited 1 month ago)

According to AMD's advisory, the following models are affected:

EPYC 1st, 2nd, 3rd, and 4th generations
EPYC Embedded 3000, 7002, 7003, and 9003, R1000, R2000, 5000, and 7000
Ryzen Embedded V1000, V2000, and V3000
Ryzen 3000, 5000, 4000, 7000, and 8000 series
Ryzen 3000 Mobile, 5000 Mobile, 4000 Mobile, and 7000 Mobile series
Ryzen Threadripper 3000 and 7000 series
AMD Threadripper PRO (Castle Peak WS SP3, Chagall WS)
AMD Athlon 3000 series Mobile (Dali, Pollock)
AMD Instinct MI300A

So people have the choice between self destructing cpus, and those who pose a security threat to you. Though I guess Intel's Intel Management Engine and AMD's Platform Security Processor are already security threats anyway, since they're basically intended backdoors.