[HN Gopher] Intel Hardware allows activation of test or debug lo...
___________________________________________________________________

Intel Hardware allows activation of test or debug logic at runtime

Author : _tk_
Score  : 47 points
Date   : 2021-11-09 19:20 UTC (3 hours ago)

(HTM) web link (www.intel.com)
(TXT) w3m dump (www.intel.com)

| [deleted]

| SavantIdiot wrote:
| Uh oh, looks like someone left the DF* (DF-star, a.k.a. design
| for X) features accessible and not fused-off. The links on the
| intel page don't show any details, nor does googling the CVE.

| mook wrote:
| Looks like (according to Intel) it's only the lower end Pentium /
| Celeron / Atom stuff; it wouldn't be useful for the kinds of
| chips people are most interested in circumventing ME for, though
| perhaps there are things that are useful to learn...
|
| Also mildly interesting, Dmitry Sklyarov was credited... appears
| to be the same one from Elcomsoft that got arrested at one point
| because Adobe complained (and DMCA).

| tyingq wrote:
| Also seems to require physical access:
|
| _" may allow an unauthenticated user to potentially enable
| escalation of privilege via physical access"_
|
| I'm sure there's cases where that's still an issue, but for me,
| if they have their hands on it it's probably game over via some
| other route.

| zsmi wrote:
| The CVE is reserved at this time so it's hard to be sure.
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0146
|
| They're not impenetrable per se, but iPhone is pretty secure,
| even with physical access.

| kcb wrote:
| The Atom SoCs in question were widely used in network switches
| and appliances.

| rbanffy wrote:
| The Atom C3000 family is really cursed, it seems.

| frankharv wrote:
| Worse than the C2xxx family? Intel has a trust deficit.
|
| https://www.theregister.com/2017/02/07/intel_atom_failures_g...

___________________________________________________________________
(page generated 2021-11-09 23:00 UTC)