AMD fixes bug that lets hackers load malicious microcode patches
AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices.
The security flaw (CVE-2024-56161) is caused by an improper signature verification weakness in AMD's CPU ROM microcode patch loader.
Attackers with local administrator privileges can exploit this weakness, resulting in the loss of confidentiality and integrity of a confidential guest running under AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).
According to AMD's development resources, SEV isolates guests and the hypervisor from one another, and SEV-SNP adds memory integrity protection that creates an isolated execution environment by helping prevent malicious hypervisor-based attacks (e.g., data replay, memory re-mapping, and more).
AMD now provides mitigation requiring a microcode update on all affected platforms to block malicious microcode execution.
Some platforms also require a SEV firmware update for SEV-SNP attestation, with users having to update the system BIOS and reboot to enable attestation of the mitigation.
To confirm that the mitigation has been correctly installed, check whether the microcode version(s) matches the one(s) listed in the table below.
Code Name | Family | CPUID |
Naples | AMD EPYC 7001 Series | 0x00800F12 |
Rome | AMD EPYC 7002 Series | 0x00830F10 |
Milan | AMD EPYC 7003 Series | 0x00A00F11 |
Milan-X | AMD EPYC 7003 Series | 0x00A00F12 |
Genoa | AMD EPYC 9004 Series | 0x00A10F11 |
Genoa-X | AMD EPYC 9004 Series | 0x00A10F12 |
Bergamo/Siena | AMD EPYC 9004 Series | 0x00AA0F02 |
"We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs. The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates," the Google Security Team said.
"This vulnerability could be used by an adversary to compromise confidential computing workloads protected by the newest version of AMD Secure Encrypted Virtualization, SEV-SNP or to compromise Dynamic Root of Trust Measurement."
Google security researchers, credited with finding and reporting this flaw to AMD, have also shared a proof-of-concept (PoC) exploit (tested on AMD EPYC and AMD Ryzen 9 CPUs) that shows how attackers can create arbitrary microcode patches.
Their PoC exploit makes the RDRAND instruction on vulnerable AMD Zen processors always return 4, which also sets the carry flag (CF) to 0. This indicates that the return value is invalid and ensures the exploit can't be used "to compromise correctly functioning confidential computing workloads."
This week, AMD has also received a report from Li-Chung Chiang at NTU (National Taiwan University) detailing cache-based side-channel attacks against Secure Encrypted Virtualization (SEV) that impact data center (1st Gen to 4th Gen AMD EPYC) and embedded (AMD EPYC 3000/7002/7003/9004) processors.
AMD advised developers to follow best practices for prime and probe attacks (e.g., constant-time algorithms), avoid secret-dependent data whenever possible, and follow the guidance regarding Spectre-type attacks.
Hackers spoof Microsoft ADFS login pages to steal credentials
New Microsoft script updates Windows media with bootkit malware fixes
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
InformationalUser Agent Fuzzer
InformationalGraphQL Endpoint Supports Introspection
LowStrict-Transport-Security Missing Max-Age (Non-compliant with Spec)
InformationalObsolete Content Security Policy (CSP) Header Found
MediumFile Upload
Free online web security scanner