AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose'

That's so stupid, also because they have fixes for Zen and Zen 2 based Epyc CPUs available.

Intel vs. AMD isn't "bad guys" vs. "good guys". Either company will take every opportunity to screw their customers over. Sure, "don't buy Intel" holds true for 13th and 14th gen Core CPUs specifically, but other than that it's more of a pick your poison.

Really not good enough from AMD. I wonder if Intel wasn't a complete dumpster fire right now if they would still cut off the fix at Zen 3 (I doubt it). There's really no reason not to issue a fix for these other than they don't want to pay the engineers for the time to do it, and they think it won't cost them any reputational damage.

I hate that every product and company sucks so hard these days.

Attackers need to access the system kernel to exploit the Sinkclose vulnerability, so the system would have to already be compromised. The hack itself is a sophisticated vector that is usually only used by state-sponsored hackers, so most casual users should take that into account.

So it's a vulnerability that requires you to.already have been compromised. Hardly seems like news.

I can understand AMD only patching server chips that by definition will be under greater threat. On the other hand it's probably not worth the bad publicity not to fix more.

I feel like this is the perfect place for Right to Repair legislation: the product is broken? And it's outside your support window? Then give customers what they need to make the fix themselves. It's not good enough to say "meh, guess you gotta buy one of our newer chips then 🤷"

The enterprise models are getting patched but the consumer ones aren’t. Shame on them.

welp, time to go buy intel... wait.

lol for the past 15 years I have "rebuilt" my desktop every 5 years but I didn't expect the would try to force me out of my 7 3700x right on the date

How severe is this vulnerability?

Lets get shit together and sue them to either fucking do it or open source all their expired hardware.

I thought i was going to switch to AMD but there's no PSP switch that I know of and I can switch ME off. I'll be going with the RISC V before I go anywhere. Fuck these corporations. ALL OF THEM.

AMD has unfortunately a long history of abandoning products before its reasonable on its graphics division. Its not really acceptable, up until earlier this year my NAS/server was running a 3600 and its only for power saving purposes I changed that as its still a very workable CPU in that role.

Yay, another BIOS update!

I am getting so sick of all these BIOS updates because of all these security vulnerabilities all the time. It is so tiring having to set up my settings all over again all of the time. Earlier this year, or maybe it was last year, it felt like every month or two there was a new BIOS update for a new security vulnerability.

So I have a 3700x, I've read about the vulnerability but don't fully understand it. How at risk am I?

so that means you can internally flash the bios chip from the os?

would be cool if there were coreboot builds for these platforms, this exploit seems pretty useful

*Cries in 5 2600 and 1070*

Basically, reflash spi chips and it'll be gone, and to be infected by that, person gotta have physical access to hardware he hacks, and physical access is root access as always has been

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

3 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.

[Thread #919 for this sub, first seen 12th Aug 2024, 20:35] [FAQ] [Full list] [Contact] [Source code]

Shit, I have desktops running with 2200G and 2400G.

anyone know how intel's microcode update policy is in comparison to AMD's?

custom firmware!

AMD published a list with the mitigation on Sinkclose on all their processor ranges, and the ComboPI version that will have a patch:

Security bulletin 7014

Welp, glad I avoided that

AMD's hold my beer moment...

Permanently Deleted