this post was submitted on 15 Nov 2023

AMD

[–] [email protected] 0 points 1 year ago (3 children)

It is really interesting and stupid to inform about vulnerabilities because if some competent hacker doesn't know about it, now they do :D

[–] [email protected] 1 points 1 year ago

CacheWarp was discovered earlier this year and AMD was informed in APRIL.

The researchers gave AMD 8 months to come up with a patch before publication.

You can't blame the researchers for publishing their work; they gave AMD plenty of time to address it.

[–] [email protected] 1 points 1 year ago

Security through obscurity is usually a terrible idea. Almost all the time it gets published BECAUSE there's a high likelihood of it being found out pretty soon, something is already in the wild, OR it was patched long ago.

We prioritize patching against anything actively exploited which usually happens BEFORE patches even get written.

[–] [email protected] 0 points 1 year ago (1 children)

I thought they only did that after the fix...

[–] [email protected] 1 points 1 year ago

Companies are informed before the public; they are then given a period of time before the public release of the info in order to fix it. This is how it's worked for quite a while now.

Hiding the information does nothing; someone out there is possibly already using the attack anyway, and making it public forces the company to act instead of sweeping the problem away.

(Though AMD likes to make the fixes optional when they do get around to it anyway, but details.)