AMD has disclosed a high-severity vulnerability (CVE-2024-56161) in its Secure Encrypted Virtualization (SEV) technology, which could allow attackers with administrative privileges to inject malicious CPU microcode.
This flaw compromises the confidentiality and integrity of virtual machines (VMs) protected by SEV-SNP, a security feature designed to safeguard sensitive workloads in virtualized environments.
The issue stems from improper signature verification in the AMD CPU ROM microcode patch loader.
Specifically, an insecure hash function used for validating microcode updates enables adversaries with local administrator privileges to bypass signature checks and load unauthorized microcodes.
“Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP”, reads the advisory.
Understanding the Vulnerability
AMD SEV-SNP (Secure Nested Paging) is an advanced security feature aimed at isolating VMs from hypervisors and protecting against memory remapping and side-channel attacks.
By encrypting VM memory with unique keys and enforcing memory integrity checks, SEV-SNP creates a trusted execution environment for sensitive data processing.
However, CVE-2024-56161 undermines these protections by allowing malicious microcode to manipulate CPU functionality, potentially exposing encrypted VM data or enabling privilege escalation.
This flaw affects AMD processors across multiple generations, including Zen 1 through Zen 4 architectures, which power EPYC™ server CPUs used in data centers worldwide.
It carries a CVSS score of 7.2 (High), reflecting its significant potential impact on confidential computing workloads.
AMD credited Google researchers Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo for uncovering this critical flaw.
AMD has released firmware updates through its AGESA™ platform initialization packages to address the issue. These updates include:
SEV Firmware Updates: Platforms require SEV firmware version 1.55.29 or higher for proper mitigation.
BIOS Updates: System BIOS images must be updated to incorporate the new microcode and firmware changes. Rebooting the platform after the update enables SEV-SNP attestation, allowing confidential guests to verify that mitigations are active through attestation reports.
Notably, AMD has introduced restrictions on hot-loading microcode after these updates. Attempting to load older or unauthorized microcode will result in a general protection (#GP) fault.
Organizations using AMD EPYC processors should immediately apply the latest BIOS updates provided by their Original Equipment Manufacturers (OEMs).
Regularly verify SEV-SNP attestation reports to ensure mitigations are active. Additionally, restrict administrative access to systems running sensitive workloads and monitor for unusual activity indicative of exploitation attempts.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free