- Google’s researchers found a vulnerability in AMD Zen 1 – 4 chips
- It allows anyone to push microcode updates, even malicious ones
- The bug requires high privilege level in advance
AMD processors, from Zen 1 all the way to Zen 4, are carrying a major vulnerability that allows threat actors to push microcode updates on affected chips.
This is according to researchers from Google, who also released a tool to install the updates, or “jailbreak” the device.
Google’s researchers called the vulnerability “EntrySign”. They explained that it stems from the way AMD uses AES-CMAC as a hash function in a signature verification process, which is essentially a cryptographic error, since CMAC is designed as a message authentication code. The vulnerability is tracked as CVE-2024-56161, and was given a severity score of 7.2/10 (high).
The researchers also found AMD was using a published example key from NIST documentation all this time, which helped them forge signatures and install any updates to the microcode they saw fit. In theory, a threat actor could abuse the vulnerability to bypass security mechanisms and trigger information leakage.
In practice, however, it’s a lot more difficult than that. The attackers would need to have local admin privileges beforehand, which is difficult enough on its own. Furthermore, the attacks would only persist until the next system reboot.
In any case, Google released an open source tool called ‘zentool’, which allows security researchers (and, unfortunately, threat actors) to drop custom microcode patches.
It consists of tools for microcode patch examination (including limited disassembly), microcode patch authoring, signing, and loading. The researchers said they’re planning on releasing details on how to decrypt and encrypt microcode patches in the future, as well. “A significant portion of the ongoing research is focused on building an accurate understanding of the AMD microcode instruction set – the current disassembly and assembly are not always accurate due to this challenge,” the report stated.
AMD has released BIOS updates to address this vulnerability, so if you fear you might be targeted, make sure to update your systems to versions dated December 17, 2024, or later.
Via Tom’s Hardware
