Cybersecurity

10 readers

4 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io

Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability." (fedia.io)

submitted 1 day ago by harrysintonen@infosec.exchange to c/cybersecurity@fedia.io

3 comments fedilink hide all child comments

Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability."

The vulnerability was leaked by #ASUS in their beta BIOS changelog:

https://web.archive.org/web/20250106151231/https://rog.asus.com/motherboards/rog-strix/rog-strix-x870-i-gaming-wifi/helpdesk_bios/

ASUS has since removed this entry from the changelog since it likely broke the embargo. Either way, this is not great as the new firmware is largely not yet available and likely won't be for a long while.

#infosec #cybersecurity

you are viewing a single comment's thread
view the rest of the comments

[–] gabrielesvelto@fosstodon.org 1 points 1 day ago (1 children)

@harrysintonen@infosec.exchange hadn't seen that, but I had seen that "PeCoffLoader memory overflow issue for security" which sounded oddly suspicious

[–] harrysintonen@infosec.exchange 1 points 1 day ago* (last edited 23 hours ago)

@gabrielesvelto Yeah, information for that vulnerability is non-existent as well. In all the vulnerability management doesn't seem to be going great here.

Update: The "PeCoffLoader memory overflow issue for security" likely is CVE-2024-38796: https://nvd.nist.gov/vuln/detail/cve-2024-38796