AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices.
The security flaw (CVE-2024-56161) is caused by an improper signature verification weakness in AMD’s CPU ROM microcode patch loader.
Attackers with local administrator privileges can exploit this weakness, resulting in the loss of confidentiality and integrity of a confidential guest running under AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).
According to AMD’s development resources, SEV isolates guests and the hypervisor from one another, and SEV-SNP adds memory integrity protection that creates an isolated execution environment by helping prevent malicious hypervisor-based attacks (e.g., data replay, memory re-mapping, and more).
AMD now provides mitigation requiring a microcode update on all affected platforms to block malicious microcode execution.
Some platforms also require a SEV firmware update for SEV-SNP attestation, with users having to update the system BIOS and reboot to enable attestation of the mitigation.
To confirm that the mitigation has been correctly installed, check whether the microcode version(s) matches the one(s) listed in the table below.
| Code Name | Family | CPUID |
| Naples | AMD EPYC 7001 Series | 0x00800F12 |
| Rome | AMD EPYC 7002 Series | 0x00830F10 |
| Milan | AMD EPYC 7003 Series | 0x00A00F11 |
| Milan-X | AMD EPYC 7003 Series | 0x00A00F12 |
| Genoa | AMD EPYC 9004 Series | 0x00A10F11 |
| Genoa-X | AMD EPYC 9004 Series | 0x00A10F12 |
| Bergamo/Siena | AMD EPYC 9004 Series | 0x00AA0F02 |
“We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs. The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates,” the Google Security Team said.
“This vulnerability could be used by an adversary to compromise confidential computing workloads protected by the newest version of AMD Secure Encrypted Virtualization, SEV-SNP or to compromise Dynamic Root of Trust Measurement.”
Google security researchers, credited with finding and reporting this flaw to AMD, have also shared a proof-of-concept (PoC) exploit (tested on AMD EPYC and AMD Ryzen 9 CPUs) that shows how attackers can create arbitrary microcode patches.
Their PoC exploit makes the RDRAND instruction on vulnerable AMD Zen processors always return 4, which also sets the carry flag (CF) to 0. This indicates that the return value is invalid and ensures the exploit can’t be used “to compromise correctly functioning confidential computing workloads.”
This week, AMD has also received a report from Li-Chung Chiang at NTU (National Taiwan University) detailing cache-based side-channel attacks against Secure Encrypted Virtualization (SEV) that impact data center (1st Gen to 4th Gen AMD EPYC) and embedded (AMD EPYC 3000/7002/7003/9004) processors.
AMD advised developers to follow best practices for prime and probe attacks (e.g., constant-time algorithms), avoid secret-dependent data whenever possible, and follow the guidance regarding Spectre-type attacks.