If I understand it correctly, the chip has the vulnerability, but the malware would be installed on the motherboard in the form of a bootkit. So getting a used CPU is not a threat, but getting a used motherboard is (and kind of always has been) a risk.
CPU firmware exploits are incredibly rare, if there even are any that exist beyond proof-of-concept. The chances of getting an infected CPU from this is so unlikely it’s practically impossible.
Which, again, is an incredibly unlikely attack vector unless you have some government secrets on your computer. And chances are that any attack through the IME or PSP is trying to do an implant into the UEFI/BIOS and not the processor itself.
If I understand it correctly, the chip has the vulnerability, but the malware would be installed on the motherboard in the form of a bootkit. So getting a used CPU is not a threat, but getting a used motherboard is (and kind of always has been) a risk.
It allows for adulteration of firmware, the CPU has firmware. 🤷
CPU firmware exploits are incredibly rare, if there even are any that exist beyond proof-of-concept. The chances of getting an infected CPU from this is so unlikely it’s practically impossible.
You forget that the CPU has a nanny CPU built in these days.
Which, again, is an incredibly unlikely attack vector unless you have some government secrets on your computer. And chances are that any attack through the IME or PSP is trying to do an implant into the UEFI/BIOS and not the processor itself.