AMD: Microcode Signature Verification Vulnerability
github.com
### Summary Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...

for readers missing the significance of the number 4 in the proof of concept: to demonstrate this vulnerability the researchers created a microcode update which replaces the “hardware” random number generator behind the RDRAND instruction with an implementation of xkcd#221 😭

  • chingadera
    37 days ago

    In practical terms, can someone explain what this means? Ring 0 from outside a VM.

    That would mean that if I were to have an image of an OS, as long as I have local admin while loading this on a VM, I would be able to run code as root?

  • davel [he/him]English
    67 days ago

    4? That’s amazing! I’ve got the same RDRAND instruction on my luggage!