[danarmak]

He posted again later clarifying which systems and configuration were vulnerable:

https://twitter.com/aionescu/status/1393955460517040129

> * AMD Zen "Summit Ridge" Stepping B1. That is Ryzen's 1xxx series.

> * AMD Zen2 "Matisse", "XT" series only. That is Ryzen's 3xxx series.

Other info at:

https://twitter.com/aionescu/status/1394039410300051456 https://twitter.com/aionescu/status/1394359314102427650 https://twitter.com/aionescu/status/1394359317038452738

Regardless, the vulnerability is in the driver, not the CPU / microcode. Also in the WHQL process that signed such a 'fake' driver. Until the signature is revoked, it might be possible for an attacker to manually install the signed driver on other system configurations too.