A newly disclosed vulnerability affecting AMD's Zen 1 through Zen 4 CPUs allows attackers with local administrator privileges to load malicious microcode patches, potentially compromising confidential workloads. The issue, discovered by Google's Security Team, stems from the use of an insecure hash function in AMD's microcode signature verification process, raising concerns over Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) protections.
The vulnerability, tracked as CVE-2024-56161, was first reported to AMD by Google on September 25, 2024. Researchers from Google identified the flaw and demonstrated its exploitability across multiple AMD CPU generations. AMD developed a fix by December 17, 2024, and privately distributed the patch to its customers. Public disclosure was delayed until February 3, 2025, in coordination with AMD to ensure adequate time for mitigations. Additional technical details and verification tools are expected to be released on March 5, 2025.
Technical details and impact
The vulnerability arises from improper signature verification in AMD's microcode patch loader. Specifically, the CPU relies on an insecure hashing algorithm to validate microcode updates, allowing an attacker with ring 0 (administrator) access to inject arbitrary malicious microcode. This could lead to severe security breaches, including:
- Compromise of confidential workloads running under AMD SEV-SNP, which is used to protect virtualized environments.
- Tampering with Dynamic Root of Trust Measurement (DRTM), a crucial security feature ensuring system integrity during boot.
- Execution of unauthorized microcode modifications, potentially bypassing security restrictions and introducing persistent threats.
A proof-of-concept (PoC) attack was demonstrated on AMD Milan and Genoa CPUs, where researchers crafted a microcode payload that forced the RDRAND instruction to always return the value 4, demonstrating that attacker-chosen microcode can be loaded and executed on the CPU.
The vulnerability impacts all Zen-based AMD CPUs, including AMD EPYC 7001 (Naples), 7002 (Rome), 7003 (Milan, Milan-X), and 9004 (Genoa, Genoa-X, Bergamo, Siena) series. Embedded variants of EPYC CPUs are also impacted.
AMD has released microcode patches for affected platforms, delivered via BIOS updates distributed to OEMs. Updating the BIOS and rebooting the system is required to apply the fix. For SEV-SNP users, attestation reports can verify whether mitigations are enabled.
Recommended actions for AMD users
- Update BIOS to the latest version provided by the system or motherboard manufacturer.
- For SEV-SNP users, verify attestation reports to confirm TCB updates.
- Restrict administrative access to prevent local privilege escalation attacks.
- Monitor AMD’s official advisories for further updates and tools expected on March 5, 2025.
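The attestation check mentioned above (reading the TCB from an SEV-SNP attestation report to confirm the microcode update is in place), as an added example that is not part of the article and not AMD's or Google's code. It assumes the AMD SEV-SNP ABI attestation report layout (CURRENT_TCB at offset 0x38, REPORTED_TCB at 0x180, COMMITTED_TCB at 0x1E0, with MICROCODE in the top byte of each TCB_VERSION); the report bytes and the required microcode SVN are constructed placeholders.

```python
# Added example: parse the TCB_VERSION fields of an SEV-SNP attestation report and
# check the MICROCODE component against a required minimum. Offsets are assumed
# from the AMD SEV-SNP ABI attestation report layout; confirm them against the
# current specification before relying on this in production.
import struct

REPORT_LEN = 0x4A0  # 0x2A0-byte report body followed by a 0x200-byte signature
TCB_OFFSETS = {"current": 0x38, "reported": 0x180, "committed": 0x1E0}

# Placeholder: the microcode SVN that carries the fix is not given in the article;
# take the real value for your platform from AMD's advisory.
REQUIRED_MICROCODE_SVN = 0x42

def decode_tcb(raw: int) -> dict:
    """Split a 64-bit TCB_VERSION into BOOT_LOADER, TEE, SNP and MICROCODE."""
    return {
        "boot_loader": raw & 0xFF,
        "tee": (raw >> 8) & 0xFF,
        "snp": (raw >> 48) & 0xFF,
        "microcode": (raw >> 56) & 0xFF,
    }

def tcb_fields(report: bytes) -> dict:
    """Return the decoded current, reported and committed TCB of a report."""
    if len(report) != REPORT_LEN:
        raise ValueError(f"unexpected report length {len(report)}")
    return {name: decode_tcb(struct.unpack_from("<Q", report, off)[0])
            for name, off in TCB_OFFSETS.items()}

def microcode_mitigated(report: bytes, required: int = REQUIRED_MICROCODE_SVN) -> bool:
    """True only if every TCB view carries a microcode SVN at or above `required`."""
    return all(f["microcode"] >= required for f in tcb_fields(report).values())

def make_tcb(boot_loader: int, tee: int, snp: int, microcode: int) -> int:
    return boot_loader | (tee << 8) | (snp << 48) | (microcode << 56)

def constructed_report(microcode: int) -> bytes:
    """Constructed sample report: all zeros except VERSION=2 and the three TCB fields."""
    buf = bytearray(REPORT_LEN)
    struct.pack_into("<I", buf, 0x00, 2)
    tcb = make_tcb(boot_loader=3, tee=0, snp=8, microcode=microcode)
    for off in TCB_OFFSETS.values():
        struct.pack_into("<Q", buf, off, tcb)
    return bytes(buf)

if __name__ == "__main__":
    for ucode in (0x3F, 0x42):
        print(hex(ucode), microcode_mitigated(constructed_report(ucode)))
```

A real verifier first validates the report signature against the VCEK certificate chain and only then trusts the TCB fields; this example parses bytes that are assumed to be already authenticated.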
While exploitation requires local administrative privileges, the ability to tamper with microcode presents a severe risk to confidential computing environments. Organizations using AMD EPYC processors in cloud and enterprise deployments should prioritize patching to mitigate potential threats.