Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.
It means it’s what we in the trade call “a nothingburger”. On Windows you need to explicitly install a malicious driver (which in turn requires to you to disable signature verification), on Linux you’d have to load a malicious kernel module (which requires pasting commands as root, and it would probably be proprietary since it has malware to hide and as every nvidia user knows, proprietary kernel modules break with kernel updates)
Requires kernel-level access. Also AMD is “releasing mitigations,” so is it “unfixable?”
What does that mean to the rest of us?
It means it’s what we in the trade call “a nothingburger”. On Windows you need to explicitly install a malicious driver (which in turn requires to you to disable signature verification), on Linux you’d have to load a malicious kernel module (which requires pasting commands as root, and it would probably be proprietary since it has malware to hide and as every nvidia user knows, proprietary kernel modules break with kernel updates)
Not to be contrarian, but hackers have signed malicious code with compromised Microsoft driver certificates, so it’s not out of the question that it could be snuck in without having to turn off signing.