this post was submitted on 11 Apr 2025
37 points (100.0% liked)

cybersecurity

[email protected] 2 points 4 days ago (1 children)

Running untrusted JavaScript code from the internet without security mitigations is a bad idea. It's maybe excusable for servers but it still increases the risk of container breakout if one of the 100 containers you're running is attacked.

[email protected] 3 points 4 days ago* (last edited 4 days ago)

Yeah... I mean, I did hedge by saying "depends on your CPU and your risk profile", but I understand your point and will edit my comment to caution readers before playing with foot-finding firearms.

From my understanding it's a mixed bag. Some of those vulnerabilities were little more than theoretical exploits from within high levels of trust, like this one. Important if you're doing a PaaS/IaaS workload like AWS, GCP, etc. and you need to keep unknown workloads safe, and your hypervisor safe from unknown workloads.

Others were super scary direct access to in-memory processes type vulnerabilities. On Linux you can disable certain mitigations while not disabling others, so in theory you could find your way to better performance at a near-zero threat increase, but yes, better safe than sorry.
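
An added example, not part of the thread: since Linux lets mitigations be switched off one at a time, a host can be audited by reading the kernel's per-vulnerability status files and checking the boot command line for the parameters that disable them. The function name `audit_mitigations` is hypothetical; the sysfs directory and the boot parameters listed are the standard Linux kernel ones.

```shell
#!/bin/sh
# Added example (not from the thread). audit_mitigations is a hypothetical name.
# Args (both optional, so the function can be pointed at test fixtures):
#   $1 directory of per-vulnerability status files
#   $2 file holding the kernel command line
audit_mitigations() {
    vuln_dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    cmdline_file=${2:-/proc/cmdline}
    rc=0

    # The kernel reports one line per issue: "Not affected",
    # "Mitigation: <detail>", or "Vulnerable...". Anything else counts as exposed.
    for f in "$vuln_dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case $status in
            "Not affected"*|"Mitigation:"*) state=OK ;;
            *) state=EXPOSED; rc=1 ;;
        esac
        # A mitigation line can still end in "SMT vulnerable": report it as
        # partial so the sibling-thread caveat is not hidden behind an OK.
        case $status in
            "Mitigation:"*"SMT vulnerable"*) state=PARTIAL ;;
        esac
        printf '%-8s %-28s %s\n' "$state" "${f##*/}" "$status"
    done

    # Boot parameters that switch mitigations off, globally or one at a time.
    for arg in mitigations=off nopti pti=off nospectre_v1 nospectre_v2 \
               spectre_v2=off spec_store_bypass_disable=off l1tf=off \
               mds=off tsx_async_abort=off; do
        if tr ' ' '\n' < "$cmdline_file" | grep -qxF -- "$arg"; then
            printf '%-8s %s\n' BOOTARG "$arg"
            rc=1
        fi
    done
    return "$rc"
}
```

Called with no arguments, `audit_mitigations` reads the live host and returns non-zero when any issue is reported as exposed or a disabling boot parameter is present.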