this post was submitted on 09 Aug 2024
186 points (86.6% liked)

Technology

60074 readers
3657 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] riskable 13 points 4 months ago (2 children)

A list of the effected processors would've been nice, Wired.

[–] [email protected] 16 points 4 months ago (1 children)
[–] [email protected] 28 points 4 months ago (2 children)

it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.

If attacker has a ring 0 access he can already screw you up any way he wants

[–] [email protected] 9 points 4 months ago (1 children)

that's all well and good, I was just responding to someone who wanted the list of affected products

[–] [email protected] 5 points 4 months ago (1 children)

It only mentions ring 0 access in your link, ergo they responded to your post because it was the most appropriate. At least that's how I see it.

[–] [email protected] 1 points 4 months ago

The link includes 'CVE-2023-31315'

[–] [email protected] 5 points 4 months ago

True. This does allow for persistent recurring infection post clean and cold boot.

Interesting flaw to keep an eye on.

[–] [email protected] 5 points 4 months ago* (last edited 4 months ago)

AMD hadn't published a list when the article was first run, but it has since been updated:

but it pointed to a full list of affected products that can be found on its website's [security bulletin page](but it pointed to a full list of affected products that can be found on its website's security bulletin page..