this post was submitted on 04 Feb 2025
33 points (100.0% liked)

Security

5433 readers
3 users here now

Confidentiality Integrity Availability

founded 6 years ago
MODERATORS
gary_host_laptop@lemmy.ml
33
AMD Zen 1 through Zen 4 CPUs use an insecure hash function in the signature validation for microcode updates; researchers released a proof of concept update which makes the RDRAND instruction return 4 (github.com)
submitted 11 months ago* (last edited 11 months ago) by cypherpunks@lemmy.ml to c/security@lemmy.ml
6 comments fedilink hide all child comments
 

for readers missing the significance of the number 4 in the proof of concept: to demonstrate this vulnerability the researchers created a microcode update which replaces the "hardware" random number generator behind the RDRAND instruction with an implementation of xkcd#221 ๐Ÿ˜ญ

you are viewing a single comment's thread
view the rest of the comments
[โ€“] tiddy@sh.itjust.works 1 points 10 months ago

I thought the same, looks like AMD is trying to introduce something to limit that access (ie allow potentially compromised hosts run trusted VMs).

Probably to make VPS' more attractive to security focused divisions.