Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

  • Grippler@feddit.dk
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    3 months ago

    They are 100% not patching old chips intentionally by not allocating resources to it. It’s a conscious choice made by the company, it is very much “on purpose”.

    • Victor@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      That’s not what I was referring to. I was referring to the act of “adding vulnerabilities”. Surely they aren’t doing that on purpose. And surely they would add fixes for it if it was economically viable? It’s a matter of goodwill and reputation, right?

      I don’t know, I just don’t think it’s AMD’s business model to “screw over” their customers. I just don’t.

      • narc0tic_bird@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        What I mean by that is that they will take a huge disservice to their customers over a slight financial inconvenience (packaging and validating an existing fix for different CPU series with the same architecture).

        I don’t classify fixing critical vulnerabilities from products as recent as the last decade as “goodwill”, that’s just what I’d expect to receive as a customer: a working product with no known vulnerabilities left open. I could’ve bought a Ryzen 3000 CPU (maybe as part of cheap office PCs or whatever) a few days ago, only to now know they have this severe vulnerability with the label WONTFIX on it. And even if I bought it 5 years ago: a fix exists, port it over!

        I know some people say it’s not that critical of a bug because an attacker needs kernel access, but it’s a convenient part of a vulnerability chain for an attacker that once exploited is almost impossible to detect and remove.