genmud@alien.topBtoGadgets@hardware.watch•Intel knew about the Downfall CPU vulnerability but did nothing for five years, a new class action claimsEnglish
1·
1 year agoUh, no they aren’t. If code can be executed, these bugs can be exploited.
Like how everyone said spectre was a nothingburger and then there was a JS based POC.
Not really, there are plenty of things you can do to get around that. It also has been proven many of these bugs, while hard to pull off, can be used to great effect. Most security practitioners don’t have the technical understanding to accurately understand the impact of these types of vulnerabilities and are used to being the smartest people in the room, so sometimes understate the impact of these vulnerabilities.
This exact thing played out with a number of silicon or microcode vulnerabilities… “well, it only impacts cloud providers, oh, I guess it does impact desktops, but it’s limited to a single core, oh, there is a memory controller that can access things across cores, oh…”.
Unless someone has experience with HDL or has an extensive low level background, I would encourage people to take what they say with a grain of salt.