[HN Gopher] Intel Hardware allows activation of test or debug lo...
___________________________________________________________________
Intel Hardware allows activation of test or debug logic at runtime
Author : _tk_
Score : 47 points
Date : 2021-11-09 19:20 UTC (3 hours ago)
(HTM) web link (www.intel.com)
(TXT) w3m dump (www.intel.com)
| [deleted]
| SavantIdiot wrote:
| Uh oh, looks like someone left the DF* (DF-star, a.k.a. design
| for X) features accessible and not fused-off. The links on the
| Intel page don't show any details, nor does googling the CVE.
| mook wrote:
| Looks like (according to Intel) it's only the lower end Pentium /
| Celeron / Atom stuff; it wouldn't be useful for the kinds of
| chips people are most interested in circumventing ME for, though
| perhaps there are things that are useful to learn...
|
| Also mildly interesting, Dmitry Sklyarov was credited... appears
| to be the same one from Elcomsoft that got arrested at one point
| because Adobe complained (and DMCA).
| tyingq wrote:
| Also seems to require physical access:
|
| _" may allow an unauthenticated user to potentially enable
| escalation of privilege via physical access"_
|
| I'm sure there are cases where that's still an issue, but for me,
| if they have their hands on it, it's probably game over via some
| other route.
| zsmi wrote:
| The CVE is reserved at this time so it's hard to be sure.
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0146
|
| They're not impenetrable per se, but iPhone is pretty secure,
| even with physical access.
| kcb wrote:
| The Atom SoCs in question were widely used in network switches
| and appliances.
| rbanffy wrote:
| The Atom C3000 family is really cursed, it seems.
| frankharv wrote:
| Worse than the C2xxx family? Intel has a trust deficit.
|
| https://www.theregister.com/2017/02/07/intel_atom_failures_g...
___________________________________________________________________
(page generated 2021-11-09 23:00 UTC)