A recent vulnerability analysis by the Google Bug Hunters team reveals an important flaw in the microcode signature validation process for AMD Zen processors. This AMD Zen processor vulnerability, which was publicly disclosed in February 2025, sheds light on potential risks associated with AMD's microcode patching mechanism, a process that allows the company to update and patch hardware-level bugs without requiring new physical hardware.
The Role of Microcode in Modern CPUs
At the core of modern x86 CPUs lies a system of instructions that enables complex computational tasks. These processors employ a hybrid architecture that combines high-level x86 instructions with low-level operations executed by a Reduced Instruction Set Computing (RISC) engine.
The RISC engine, known as the microcode engine, plays an important role in executing these operations. Both Intel and AMD design their own microcode engines, which, although undocumented, function similarly to other well-known RISC architectures, such as ARM or RISC-V.
A typical x86 processor is made up of multiple cores, each capable of executing instructions in parallel. The CPU’s architecture divides the processing task into two primary components: the frontend and the backend. The frontend fetches and decodes instructions, while the backend executes them. Microcode steps in when more complex instructions need to be processed. This enables CPUs to handle advanced features and edge cases that may be too complex to implement directly in hardware.
Microcode Patch Mechanism: Fixing Hardware Bugs
Historically, fixing hardware flaws in CPUs was an expensive and time-consuming process, as it often required redesigning the hardware and manufacturing new components. To circumvent this, both AMD and Intel introduced microcode updates, allowing manufacturers to patch issues at the software level without needing new hardware.
For AMD, this microcode patching system has been in place since the K8 architecture in 2003. Through updates that can be applied via BIOS or operating systems, AMD’s microcode patches address performance, security, or stability issues in its CPUs.
The Process of Applying Microcode Patches
The application of a microcode patch on AMD Zen processors follows a four-step procedure:
- Authorship: AMD generates a microcode patch, a binary blob that includes a header with metadata, an RSA public key modulus, a Montgomery inverse of the public key, and an encrypted array of micro-operations (micro-ops) that define the patch.
- Authentication: The patch is signed using AMD’s private RSA key. The CPU’s microcode will verify this signature against a hardcoded public key embedded in the processor during manufacturing to ensure only authentic patches are loaded.
- Delivery: The signed patch is then delivered to OEMs, operating systems, and other partners for validation and distribution.
- Verification and Installation: The patch is received by the system, which verifies its integrity by checking the cryptographic signature using the embedded public key. If the patch is valid, it is installed into the CPU’s internal patch RAM.
The AMD Zen Processor Vulnerability

Despite the strong cryptographic protections AMD put in place, an important flaw was recently uncovered in the microcode signature validation process used by AMD Zen CPUs. Specifically, the system relies on the RSASSA-PKCS1-v1_5 signature algorithm, but instead of using a secure hash function like SHA-256, AMD employs AES-CMAC (Cipher-based Message Authentication Code), which is a keyed message authentication code and not a secure hash function.
AES-CMAC, while effective for message authentication, is vulnerable to collision attacks when it is used in place of a hash. A collision occurs when two different inputs produce the same output, which can allow attackers to manipulate the hashing process. According to the Google Bug Hunters blog, in the case of AMD Zen processors this vulnerability enables an attacker to forge valid microcode patches by crafting a fake RSA public key that matches an already authenticated patch's signature.
This weak cryptographic design, along with the use of AES-CMAC, opens the door for potential exploitation. If an attacker can access the key used for AES-CMAC, they can bypass the system’s signature verification process, allowing them to inject custom, malicious microcode patches into the CPU without triggering security alerts.
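Why a MAC with a known key cannot stand in for a hash, as an added example (not code from AMD or from the Google write-up): it implements AES-CMAC for whole-block messages and shows that anyone holding the key can compute a different input with the same tag, while the SHA-256 digests of the two inputs differ. The key and inputs are constructed for the demonstration, and `demoKey`, `mask`, `CMAC` and `Collide` are names chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

var demoKey = []byte("constructed-key!") // constructed 16-byte key, stands in for a MAC key that became public
// xor16 XORs the 16 bytes of b into a in place and returns a.
func xor16(a, b []byte) []byte {
	for i := range b[:16] {
		a[i] ^= b[i]
	}
	return a
}
// mask returns the CBC chain value over prefix (whole 16-byte blocks) XOR subkey K1.
func mask(c cipher.Block, prefix []byte) []byte {
	k1, state := make([]byte, 16), make([]byte, 16)
	c.Encrypt(k1, k1) // L = E_K(0); K1 is L doubled in GF(2^128)
	hi, lo := binary.BigEndian.Uint64(k1), binary.BigEndian.Uint64(k1[8:])
	binary.BigEndian.PutUint64(k1, hi<<1|lo>>63)
	binary.BigEndian.PutUint64(k1[8:], lo<<1^(hi>>63)*0x87)
	for i := 0; i+16 <= len(prefix); i += 16 {
		xor16(state, prefix[i:i+16])
		c.Encrypt(state, state)
	}
	return xor16(state, k1)
}
// CMAC (SP 800-38B) for messages that are a non-empty multiple of 16 bytes.
func CMAC(key, msg []byte) []byte {
	c, _ := aes.NewCipher(key) // cannot fail for a 16-byte key
	tag := xor16(mask(c, msg[:len(msg)-16]), msg[len(msg)-16:])
	c.Encrypt(tag, tag)
	return tag
}
// Collide returns prefix||block whose CMAC equals target; knowing the key is enough.
func Collide(key, prefix, target []byte) []byte {
	c, _ := aes.NewCipher(key)
	block := make([]byte, 16)
	c.Decrypt(block, target) // undo the final encryption, then cancel the chain value and K1
	return append(append([]byte{}, prefix...), xor16(block, mask(c, prefix))...)
}
func main() {
	a := []byte("genuine key blob, 32 bytes long!") // constructed sample input
	b := Collide(demoKey, []byte("unrelated prefix"), CMAC(demoKey, a))
	fmt.Println(string(CMAC(demoKey, a)) == string(CMAC(demoKey, b)), sha256.Sum256(a) == sha256.Sum256(b))
}
```

Running it prints `true false`: the two inputs share a CMAC tag but not a SHA-256 digest, which is why a fingerprint check on a public key needs a collision-resistant hash rather than a MAC.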
Exploiting the AMD Zen Processor Vulnerability
Researchers from the Google Bug Hunters team discovered that a publicly known key from the NIST SP 800-38B publication was used in older AMD Zen CPUs, including those from the Zen 1 and Zen 4 architectures. By leveraging this knowledge, the researchers were able to generate new RSA public keys that collided with the legitimate AMD key, creating microcode patches that appeared authentic to the CPU’s verification process.
Although exploiting this vulnerability is technically challenging, the consequences could be severe. With access to the necessary key, an attacker could alter the CPU’s microcode to disable critical security features, install malicious firmware, or bypass protections without detection by traditional security mechanisms.
Conclusion
The signature validation vulnerability in AMD Zen microcode highlights the need for stronger cryptographic practices in securing modern processors. This flaw shows that even established systems can have hidden vulnerabilities, emphasizing the importance of adopting standardized security measures.