AMD Resolves Vulnerability Allowing Malicious Microcode Updates

AMD has released firmware and microcode updates to mitigate a high-severity flaw (CVE-2024-56161) that could enable attackers with local admin privileges to load harmful microcode patches on vulnerable CPUs. The issue stems from improper signature verification in the microcode patch loader, potentially compromising systems protected by AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).

To prevent exploitation, AMD recommends users apply the microcode and, in some cases, SEV firmware updates, followed by a system BIOS update and reboot.
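A post-reboot check for the update procedure above, as an added example that is not from AMD or the original article: it parses Linux `/proc/cpuinfo` and flags any AMD logical CPU whose microcode revision is below a required floor, including hosts where cores report mixed revisions. The sample text and the `REQUIRED` table are constructed placeholders (take the real minimum revisions from AMD's bulletin), and comparing revisions numerically within one family/model/stepping is an assumption.

```python
import sys
from pathlib import Path

# Constructed sample in Linux /proc/cpuinfo layout; not taken from a real host.
SAMPLE = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
stepping\t: 1
microcode\t: 0xa001000

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
stepping\t: 1
microcode\t: 0xa000fff
"""

# PLACEHOLDER floor per (family, model, stepping); real values come from AMD's bulletin.
REQUIRED = {(25, 1, 1): 0xA001000}

def parse_cpuinfo(text):
    """Yield one dict of fields per logical CPU."""
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if "processor" in fields:
            yield fields

def audit(text, required):
    """Return [(cpu, revision, status)] for every AMD logical CPU."""
    report = []
    for cpu in parse_cpuinfo(text):
        if cpu.get("vendor_id") != "AuthenticAMD":
            continue
        key = tuple(int(cpu[f]) for f in ("cpu family", "model", "stepping"))
        rev = int(cpu.get("microcode", "0"), 16)
        floor = required.get(key)
        status = "unlisted" if floor is None else "ok" if rev >= floor else "outdated"
        report.append((int(cpu["processor"]), rev, status))
    return report

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE
    report = audit(text, REQUIRED)
    for cpu, rev, status in report:
        print(f"cpu{cpu}: microcode {rev:#x} {status}")
    sys.exit(0 if all(s == "ok" for _, _, s in report) else 1)
```

Run it with `/proc/cpuinfo` as the argument after the reboot; a non-zero exit status means at least one core is outdated or not covered by the table.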

Google security researchers discovered and demonstrated the flaw through a proof-of-concept exploit that modifies the RDRAND instruction, showing the potential impact on Zen 1 to Zen 4 processors.

This vulnerability risks undermining the confidentiality and integrity of SEV-protected workloads. AMD advises developers to adopt countermeasures against side-channel attacks, such as using constant-time algorithms and avoiding secret-dependent data accesses.

The fixes cover AMD EPYC and Ryzen series CPUs across multiple generations, ensuring secure operations for confidential computing environments.
