AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access

A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.

The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.

"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP," AMD said in an advisory.

The chipmaker credited Google security researchers Josh Eads, Kristoffer Janke, Eduardo Vela, Tavis Ormandy, and Matteo Rizzo for discovering and reporting the flaw on September 25, 2024.

SEV is a security feature that uses a unique key per virtual machine to isolate virtual machines (VMs) and the hypervisor from one another. SNP, which stands for Secure Nested Paging, incorporates memory integrity protections to create an isolated execution environment and safeguard against hypervisor-based attacks.

"SEV-SNP introduces several additional optional security enhancements designed to support additional VM use models, offer stronger protection around interrupt behavior, and offer increased protection against recently disclosed side channel attacks," according to AMD.

In a separate bulletin, Google noted that CVE-2024-56161 is the result of an insecure hash function in the signature validation for microcode updates, which opens the door to a scenario where an adversary could compromise confidential computing workloads.

The company has also released a test payload to demonstrate the vulnerability, but additional technical details have been withheld for another month so as to give enough time for the fix to be propagated across the "deep supply chain."