When you decode media with hardware decoding, you're depending on the security of the media decoding firmware / hardware and again IOMMU isolation to provide any kind of sandbox. You depend on the security of the CPU. When you go browse the web, running untrusted JavaScript code, you are assuming that the CPU is actually capable of safely running that code without it gaining control over everything else. You're relying on the firmware / microcode / hardware security. A best case scenario is they designed it to update as much as possible after the fact.
Otherwise, a hardware vulnerability is found, and they are often found, and you're just screwed. We live in a time where serious game over bugs exploitable by JavaScript code are being published and fixed via microcode / firmware updates for CPUs and GPUs on a regular basis.
By the way, meant to attach this to an existing thread but I guess it's not all that bad as a standalone thread. Missing the context and points that I was making though about the attack surface exposed by GPUs, radios, etc. and the capabilities even without escaping isolation.
Yes, lots of issues that are not completely mitigated in software + firmware updates. If people aren't receiving microcode updates, they have far more serious issues too. Some Linux distributions don't ship microcode updates. The microcode is still present, but out-of-date.
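A quick defender-side check for the situation described in this reply, as an added example that is not part of the thread: it reads the microcode revision the kernel reports in /proc/cpuinfo and the mitigation status files under /sys/devices/system/cpu/vulnerabilities/ (both standard on Linux); the reference revision passed to microcode_is_current is assumed to come from the vendor's or distribution's microcode release notes.

```shell
#!/bin/sh
# Added example (not from the thread): summarise what a Linux kernel reports
# about loaded CPU microcode and known hardware vulnerability mitigations.
# Assumption: /proc/cpuinfo carries a "microcode" field and the kernel exposes
# /sys/devices/system/cpu/vulnerabilities/; both are standard on Linux.

# Constructed sample of /proc/cpuinfo text, used when no real file is read.
SAMPLE_CPUINFO='processor	: 0
vendor_id	: ExampleVendor
model name	: Example CPU (constructed sample)
microcode	: 0xde
processor	: 1
microcode	: 0xde'

# Print the microcode revision of the first core found in cpuinfo text.
microcode_rev() {
    printf '%s\n' "$1" | awk -F': ' '/^microcode/ { print $2; exit }'
}

# Compare the loaded revision ($1) with a reference revision ($2), both as
# hex strings; succeeds only when the loaded microcode is at least as new.
# The reference value is an operator-supplied assumption (vendor notes).
microcode_is_current() {
    loaded=$(( $1 ))
    reference=$(( $2 ))
    [ "$loaded" -ge "$reference" ]
}

# Print every mitigation status file in the sysfs directory and return the
# number of entries the kernel still reports as "Vulnerable" (0 = all good).
report_vulnerabilities() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "no vulnerabilities directory at $dir"; return 0; }
    unmitigated=0
    for f in "$dir"/*; do
        status=$(cat "$f")
        case $status in
            Vulnerable*) unmitigated=$((unmitigated + 1)) ;;
        esac
        printf '%-28s %s\n' "$(basename "$f")" "$status"
    done
    return $unmitigated
}

# When run on a Linux host, report the live values; otherwise use the sample.
if [ -r /proc/cpuinfo ]; then
    echo "loaded microcode revision: $(microcode_rev "$(cat /proc/cpuinfo)")"
    report_vulnerabilities || echo "$? mitigation entries report Vulnerable"
else
    echo "sample microcode revision: $(microcode_rev "$SAMPLE_CPUINFO")"
fi
```

A revision that matches what the distribution ships but is older than the vendor's latest release is exactly the "present, but out-of-date" case from the reply.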