AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices. The security flaw, identified as CVE-2024-56161, is caused by an improper signature verification weakness in AMD’s CPU ROM microcode patch loader.
Attackers with local administrator privileges can exploit this weakness, resulting in the loss of confidentiality and integrity of confidential guest running under AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). SEV isolates guests and the hypervisor from one another, while SEV-SNP adds memory integrity protection to create an isolated execution environment.
To address the vulnerability, AMD now requires a microcode update on all affected platforms to block malicious microcode execution. Some platforms also require a SEV firmware update for SEV-SNP attestation, with users needing to update the system BIOS and reboot to enable attestation of the mitigation.
Users can confirm that the mitigation has been correctly installed by checking the microcode version against the table provided. AMD EPYC 7001-9004 Series devices are affected, including models such as Naples, Rome, Milan, Genoa, and Bergamo/Siena.
Google security researchers discovered the vulnerability, which uses an insecure hash function in signature validation for microcode updates. They have also shared a proof-of-concept exploit that demonstrates how attackers can create arbitrary microcode patches. AMD has advised developers to follow best practices for prime and probe attacks and avoid secret-dependent data to prevent Spectre-type attacks.
Additionally, researchers at National Taiwan University have reported cache-based side-channel attacks against Secure Encrypted Virtualization (SEV) that impact data center and embedded processors. AMD is advising developers to follow guidance on these types of attacks as well.
Source: https://www.bleepingcomputer.com/news/security/amd-fixes-bug-that-lets-hackers-load-malicious-microcode-patches