for readers missing the significance of the number 4 in the proof of concept: to demonstrate this vulnerability the researchers created a microcode update which replaces the “hardware” random number generator behind the RDRAND instruction with an implementation of xkcd#221 😭
In practical terms, can someone explain what this means? Ring 0 from outside a VM.
That would mean that if I were to have an image of an OS, as long as I have local admin while loading this on a VM, I would be able to run code as root?