AMD Zen 1 through Zen 4 CPUs use an insecure hash function in the signature validation for microcode updates; researchers released a proof of concept update which makes the RDRAND instruction return 4 (github.com)
from cypherpunks@lemmy.ml to security@lemmy.ml on 04 Feb 2025 02:55
https://lemmy.ml/post/25581561

For readers missing the significance of the number 4 in the proof of concept: to demonstrate this vulnerability the researchers created a microcode update which replaces the “hardware” random number generator behind the RDRAND instruction with an implementation of xkcd#221 😭

#security
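An added example, not code from the thread or from the linked repository: a small C repetition check that flags a random source stuck on one value, which is exactly what the proof-of-concept microcode does to RDRAND. The constant-4 and counter sources are constructed stand-ins; the real RDRAND reader assumes GCC or Clang on x86-64 for the inline assembly.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A random source fills *out and returns true if a value was delivered.
 * For RDRAND that is the carry flag, which the CPU clears on failure. */
typedef bool (*rng_source_fn)(uint64_t *out);

#if defined(__x86_64__) && defined(__GNUC__)
/* Read the hardware RNG directly (assumes GCC/Clang inline asm syntax). */
static bool rdrand_source(uint64_t *out) {
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok != 0;
}
#endif

/* Constructed stand-ins, not hardware: the "xkcd 221" source mimics the
 * proof-of-concept microcode; the counter source merely yields distinct values. */
static bool xkcd221_source(uint64_t *out) { *out = 4; return true; }
static bool counter_source(uint64_t *out) { static uint64_t c; *out = ++c; return true; }

/* Repetition check: draw `samples` values and return 1 if the source failed or
 * never produced two different 64-bit values, 0 if it looks alive. A working
 * RNG repeating a 64-bit value within a short run is negligibly unlikely. */
int rng_looks_stuck(rng_source_fn src, size_t samples) {
    uint64_t first, v;
    if (samples < 2 || !src(&first)) return 1;
    for (size_t i = 1; i < samples; i++) {
        if (!src(&v)) return 1;   /* CF clear: hardware reported no entropy */
        if (v != first) return 0; /* two distinct outputs: not stuck */
    }
    return 1;                     /* every sample identical */
}

int main(void) {
    printf("constant-4 source stuck: %d\n", rng_looks_stuck(xkcd221_source, 32));
    printf("counter source stuck:    %d\n", rng_looks_stuck(counter_source, 32));
#if defined(__x86_64__) && defined(__GNUC__)
    printf("this CPU's RDRAND stuck: %d\n", rng_looks_stuck(rdrand_source, 32));
#endif
    return 0;
}
```

Such a check catches only a crudely stuck source like this proof of concept; microcode that returned varying but predictable output would pass it, so a runtime test is no substitute for verifying that the platform runs trusted microcode.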


davel@lemmy.ml on 04 Feb 2025 03:38

4? That’s amazing! I’ve got the same RDRAND instruction on my luggage!

cypherpunks@lemmy.ml on 04 Feb 2025 03:48

[image: screenshot of the moment in the 1987 film Spaceballs when President Skroob (Mel Brooks) says “That’s amazing! I’ve got the same combination on my luggage!”]

propter_hog@hexbear.net on 04 Feb 2025 03:48

Relevant xkcd: xkcd.com/221/

propter_hog@hexbear.net on 04 Feb 2025 03:48

Ah shit, I just saw you posted the same thing in the body text

whostosay@lemmy.world on 04 Feb 2025 06:17

In practical terms, can someone explain what this means? Ring 0 from outside a VM.

That would mean that if I were to have an image of an OS, as long as I have local admin while loading this on a VM, I would be able to run code as root?

tiddy@sh.itjust.works on 23 Feb 23:50

Pretty sure it means the equivalent of root on bare metal (i.e. ring 0 in a VM is still safe).

Pretty sure on top of that anyone with that access can essentially rewrite your CPU’s brain, allowing ring 0 access even after (for example) selling the CPU.

whostosay@lemmy.world on 24 Feb 02:48

Didn’t think anyone was gonna get back to me on this, thanks Tiddy.

If you had ring 0 on the bare metal, isn’t it safe to assume that anything that bare metal has, including installed VMs, is also compromised or easily compromisable?

I’m not too knowledgeable on security yet but this interested me

tiddy@sh.itjust.works on 24 Feb 17:19

I thought the same, looks like AMD is trying to introduce something to limit that access (i.e. allow potentially compromised hosts to run trusted VMs).

Probably to make VPSes more attractive to security focused divisions.