this post was submitted on 12 Aug 2024
511 points (95.9% liked)

Selfhosted

40184 readers
812 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

you are viewing a single comment's thread
view the rest of the comments
[–] narc0tic_bird@lemm.ee 26 points 3 months ago (2 children)

What I mean by that is that they will take a huge disservice to their customers over a slight financial inconvenience (packaging and validating an existing fix for different CPU series with the same architecture).

I don't classify fixing critical vulnerabilities from products as recent as the last decade as "goodwill", that's just what I'd expect to receive as a customer: a working product with no known vulnerabilities left open. I could've bought a Ryzen 3000 CPU (maybe as part of cheap office PCs or whatever) a few days ago, only to now know they have this severe vulnerability with the label WONTFIX on it. And even if I bought it 5 years ago: a fix exists, port it over!

I know some people say it's not that critical of a bug because an attacker needs kernel access, but it's a convenient part of a vulnerability chain for an attacker that once exploited is almost impossible to detect and remove.

[–] Jakeroxs@sh.itjust.works 1 points 3 months ago

Maybe they'll reverse course with enough blowback, they did that once with ryzen already, don't remember which Gen it was but it wasn't going to be backwards compatible with certain type of mobos, but then they released it anyway and some mobo manufacturers did provide bios updates to support it.

Similarish situation could happen here, the biggest hangup I'd think is that the 3000 series is nearly 5 years old, and getting mobo manufacturers on board for that could be difficult.