• @kata1yst@sh.itjust.works
    32 · 4 months ago

    Yeah, and to exploit it you need ring0 access in the kernel.

    In other words, this isn’t an attack vector, it’s an escalation path. It escalates past the kernel, which is terrible to be sure, but if a hacker manages to get that deep in the first place, your system is already fucked.

  • BlackLaZoR
    31 · 4 months ago

    Requires ring 0 access to the system in the first place. So for any normal user it’s a nothing burger

    • @breadsmasher@lemmy.world
      9 · 4 months ago

      Not quite a nothingburger

      Nissim and Okupski note that exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server, but that the Sinkclose flaw would then allow them to plant their malicious code far deeper still. In fact, for any machine with one of the vulnerable AMD chips, the IOActive researchers warn that an attacker could infect the computer with malware known as a “bootkit” that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity.

      • @Auli@lemmy.ca
        1 · 4 months ago

        Wouldn’t secure boot catch this as long as you don’t have one of the boards with the do not use key?

      • BlackLaZoR
        -2 · 4 months ago

        I know, but this requires a supply chain attack - not a likely thing to happen.

        • @breakingcups@lemmy.world
          3 · 4 months ago

          This does not require a supply chain attack, just a user ignorantly clicking yes on a UAC prompt. After which the machine is forever compromised, even after replacing SSDs / HDDs.

          • @Breadhax0r@lemmy.world
            2 · 4 months ago

            From my understanding it allows malicious code to be installed in protected memory on the CPU itself, so you can’t get rid of it once it’s there without a lot of extra work

    • @PassingThrough@lemmy.world
      7 · 4 months ago

      Not entirely a nothing burger, I think. If there’s any truth to the anti-cheat outrage, there’s a large population of average joes handing out ring 0 access to a growing number of third or fourth party companies for the purpose of kernel level anti-cheat in video games.

      Still a supply chain attack or a vulnerability in one of the A/C programs, but not as impossible as we would like it to be.

    • @MetaCubed@lemmy.world
      3 · 4 months ago

      I really dislike the idea of “needs ring 0 = nothingburger”.

      There’s plenty of ways to gain ring 0 access, like a user approving a UAC prompt… Or for an attacker to utilize any number of existing ring 0 escalation vulnerabilities on an unpatched system, or for a UAC bypass to be utilized, or for the attacker to establish a RAT on the system using a tech support scam or similar.

      Difficult? Yes!

      Only viable via a supply chain attack as some like to suggest? Absolutely not.

  • @conorab@lemmy.conorab.com
    1 · 4 months ago

    I have a pretty new AMD system I use for gaming. The vast majority of games run in a Windows VM in Proxmox with GPU passthrough, with the exception of Fortnite, which runs directly on hardware on a different boot drive specifically because Easy Anticheat blocks VMs. That dedicated install becomes less and less attractive by the day.