If I understand it correctly, the chip has the vulnerability, but the malware would be installed on the motherboard in the form of a bootkit. So getting a used CPU is not a threat, but getting a used motherboard is (and kind of always has been) a risk.
Comment on Researchers discover potentially catastrophic exploit present in AMD chips for decades
db2@lemmy.world 4 months agoIt does mean that any secondhand computer or CPU (or even CPU from a sketchy source) could be compromised prior to being physically sold.
It’s worse than that, any AMD chip from any source except maybe AMD directly is suspect. Mine is a few years old from Amazon supposedly new, for all I know it came compromised and is sitting there doing what I tell it to until it triggers and I won’t even know when or if it happens.
rhombus@sh.itjust.works 4 months ago
db2@lemmy.world 4 months ago
It allows for adulteration of firmware, the CPU has firmware. 🤷
rhombus@sh.itjust.works 4 months ago
CPU firmware exploits are incredibly rare, if there even are any that exist beyond proof-of-concept. The chances of getting an infected CPU from this is so unlikely it’s practically impossible.
db2@lemmy.world 4 months ago
You forget that the CPU has a nanny CPU built in these days.
SupraMario@lemmy.world 4 months ago
That’s not how this exploit works at all…you have to have physical access to the machine basically. This is a nothing burger.
db2@lemmy.world 4 months ago
That’s to get it installed, not if it’s already there.
SupraMario@lemmy.world 4 months ago
It’s not going to be there because if you’re compromised via physical access, no one is going to give a shit about this exploit… it’s like someone having the keys to your house and then being worried they’re going to smash out a window to gain access.
db2@lemmy.world 4 months ago
I don’t think you’re following along here. The physical access would have already happened prior to the CPU even being in my possession.