A team of Google researchers working with AMD recently discovered a major CPU exploit on Zen-based processors. The exploit allows anyone with local admin privileges to write and push custom microcode updates to affected CPUs. The same Google team has released the full deep-dive on the exploit, including how to write your own microcode. Anyone can now effectively jailbreak their own AMD CPUs.

The exploit affects all AMD CPUs using the Zen 1 to Zen 4 architectures. AMD released a BIOS patch plugging the exploit shortly after its discovery, but any of the above CPUs with a BIOS patch before 2024-12-17 will be vulnerable to the exploit. Though a malicious actor wishing to abuse this vulnerability needs an extremely high level of access to a system to exploit it, those concerned should update their or their organization’s systems to the most recent BIOS update.
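As an added triage check, not from the post or the researchers it describes, the following script flags a Linux host that falls into the population the post names: an AMD Zen 1 to Zen 4 CPU whose BIOS build date is before 2024-12-17. It assumes the usual mapping of Zen 1/Zen+/Zen 2 to CPUID family 23 (0x17) and Zen 3/Zen 4 to family 25 (0x19), and that the kernel exposes the BIOS date as MM/DD/YYYY in /sys/class/dmi/id/bios_date.

```python
# Added triage helper: is this host in the population the post describes?
# Assumed (not from the post): Zen 1/2 = CPUID family 23, Zen 3/4 = family 25,
# and /sys/class/dmi/id/bios_date holds the BIOS build date as MM/DD/YYYY.
import re
from datetime import date

FIX_DATE = date(2024, 12, 17)    # cutoff quoted in the post
AFFECTED_FAMILIES = {23, 25}     # 0x17 = Zen 1/2, 0x19 = Zen 3/4 (assumed)

def parse_cpuinfo(text):
    """Return (vendor, family, microcode) from the first CPU stanza."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip(), value.strip())
    family = fields.get("cpu family")
    return (fields.get("vendor_id"),
            int(family) if family else None,
            fields.get("microcode"))

def parse_bios_date(raw):
    """Accept DMI-style MM/DD/YYYY or ISO YYYY-MM-DD; None if unparseable."""
    m = re.fullmatch(r"(\d{2})/(\d{2})/(\d{4})", raw.strip())
    if m:
        return date(int(m[3]), int(m[1]), int(m[2]))
    try:
        return date.fromisoformat(raw.strip())
    except ValueError:
        return None

def assess(cpuinfo_text, bios_date_raw):
    """Classify: not-amd, other-family, bios-unknown, patched, needs-bios-update."""
    vendor, family, _microcode = parse_cpuinfo(cpuinfo_text)
    if vendor != "AuthenticAMD":
        return "not-amd"
    if family not in AFFECTED_FAMILIES:
        return "other-family"
    bios = parse_bios_date(bios_date_raw)
    if bios is None:
        return "bios-unknown"
    return "patched" if bios >= FIX_DATE else "needs-bios-update"

# Constructed sample: a Zen 3-family host; the microcode value is a placeholder.
SAMPLE_CPUINFO = ("processor\t: 0\nvendor_id\t: AuthenticAMD\ncpu family\t: 25\n"
                  "model\t\t: 33\nmicrocode\t: 0x1234567\n")

if __name__ == "__main__":
    print(assess(open("/proc/cpuinfo").read(),
                 open("/sys/class/dmi/id/bios_date").read()))
```

A BIOS date on or after the cutoff only shows the firmware was built after the fix was published, not that the vendor included it, so treat "patched" as a triage signal and confirm against the board vendor's release notes.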

  • ByteSorcerer@beehaw.org · 11 upvotes · 2 days ago

    Any guesses how long it will take for someone to use this jailbreak to get Doom to run on just the CPU?
    In theory, at least some of the affected processors should have more than enough cache to run it directly from there, right?

    Though I have to admit that I don’t understand CPU internals well enough to know if the microcode even has enough control over the chip to make that physically possible.

    • The new AMD 9950X3D CPU has 128MiB of L3 cache. Windows 95 installs to about 60MiB in total. Doom takes up 12MiB for all episodes. That means in theory you could load all of Windows 95 and DOOM into the L3 cache with some room to spare.

      Of course this wouldn’t work out in practice because you’d lose those cache lines at some point during execution. However, Intel does have a part in its boot process where it runs a miniature OS in cache alone, but that’s part of the CPU design and probably can’t be altered.

      If you could hijack the temporary “use cache as RAM” stage, you’d still lack video output or game input. I don’t think you can initialize the I/O components without completely clobbering the cache?