05.08.2025., 10:45
|
#570
|
|
McG
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 8,206
|
IMHO ova tema je primjerenija za BadRAM. 
Citiraj:
Citiraj:
The BadRAM attack – which does require physical access to hardware (for example, a rogue admin scenario) – works by abusing the SPD (Serial Presence Detect) chip on a memory module, which identifies the module to hardware. It manipulates the SPD into creating aliases for physical memory, which subsequently can be scoured for secrets in contravention of the TEE integrity goals. AMD is tracking the vulnerability under CVE-2024-21944 and AMD-SB-3015. The Ryzen designer confirmed to The Register that it plans to issue an advisory on Tuesday, December 10, 2024.
"AMD believes exploiting the disclosed vulnerability requires an attacker either having physical access to the system, operating system kernel access on a system with unlocked memory modules, or installing a customized, malicious BIOS," the EPYC house explained in a statement. "AMD recommends utilizing memory modules that lock Serial Presence Detect (SPD), as well as following physical system security best practices. AMD has also released firmware updates to customers to mitigate the vulnerability."
|
Izvor: The Register
|
__________________
AMD Ryzen 9 9950X | Noctua NH-U12A chromax.black | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Seasonic GX-750
AMD Ryzen 5 7600 | Noctua NH-U12A chromax.black | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x12TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
|
|
|