However, the fact that Google’s researchers were able to successfully bypass AMD’s microcode signature verification highlights a potential weakness in the security architecture of modern processors that could have significant implications for system integrity and confidentiality. The vulnerability affects numerous processor families including AMD EPYC server chips (from Naples through Turin generations), Ryzen desktop and mobile processors (3000 through 9000 series), Threadripper workstation CPUs, and various embedded solutions. Researchers from Google discovered a weakness in the signature verification algorithm that could be exploited to bypass AMD’s cryptographic controls, allowing attackers to load arbitrary microcode patches that weren’t officially signed by AMD. For data center customers, firmware updates for EPYC processors will begin rolling out on December 13, 2024, for Naples, Rome, and Milan systems, with Genoa systems receiving updates on December 16. The potential impact is severe, potentially resulting in “loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment,” reads the advisory. After applying these patches, microcode cannot be hot-loaded without meeting specific requirements, and attempts to load unauthorized code will result in a #GP fault on systems with older BIOS versions. Identified as CVE-2024-36347 with a CVSS score of 6.4 (Medium), this flaw affects a wide range of AMD CPUs across data center, desktop, workstation, mobile, and embedded product lines. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Users and administrators are strongly advised to apply firmware updates as they become available to protect their systems from potential exploitation of this vulnerability. AMD credited Josh Eads, Kristoffer Janke, Eduardo “Vela” Nava, Tavis Ormandy, and Matteo Rizzo from Google for discovering and reporting the vulnerability through coordinated disclosure.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 11 Apr 2025 09:00:13 +0000