AMD has rolled out mitigations and firmware updates to address a high-severity vulnerability (CVE-2024-56161) that allows attackers to load malicious CPU microcode on unpatched devices.
This flaw, caused by improper signature verification in AMD’s CPU ROM microcode patch loader, could compromise confidential computing workloads under AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).
How the Vulnerability Works
Attackers with local administrator privileges can exploit this weakness to bypass security measures, potentially affecting guest confidentiality and system integrity. SEV-SNP is designed to create an isolated execution environment that protects against hypervisor-based attacks, but this vulnerability could undermine those protections.
Security researchers from Google, who discovered the flaw, demonstrated that arbitrary malicious microcode patches could be crafted for AMD Zen 1 through Zen 4 CPUs. They also shared a proof-of-concept (PoC) exploit tested on AMD EPYC and Ryzen 9 CPUs, showing how attackers could manipulate CPU instructions.
AMD’s Mitigation and Affected CPUs
AMD has issued microcode updates to block malicious microcode execution. Additionally, some platforms require a SEV firmware update and a system BIOS update with a reboot to ensure proper protection.
The affected CPUs include:
Code Name | Family | CPUID |
---|---|---|
Naples | AMD EPYC 7001 Series | 0x00800F12 |
Rome | AMD EPYC 7002 Series | 0x00830F10 |
Milan | AMD EPYC 7003 Series | 0x00A00F11 |
Milan-X | AMD EPYC 7003 Series | 0x00A00F12 |
Genoa | AMD EPYC 9004 Series | 0x00A10F11 |
Genoa-X | AMD EPYC 9004 Series | 0x00A10F12 |
Bergamo/Siena | AMD EPYC 9004 Series | 0x00AA0F02 |
To verify the mitigation, users should check if their microcode versions match the updated versions listed by AMD.
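One way to script that check on Linux, added here as an example and not taken from AMD or the researchers: it rebuilds the CPUID signature from /proc/cpuinfo fields, matches it against the table above, and compares each core's running microcode revision with a minimum. The minimum revision and the cpuinfo excerpt are constructed placeholders (use the revisions in AMD's bulletin), and the comparison assumes revisions for a given CPUID increase numerically.

```python
import re

# CPUID signatures copied from the affected-CPU table above.
AFFECTED = {
    0x00800F12: "Naples", 0x00830F10: "Rome", 0x00A00F11: "Milan",
    0x00A00F12: "Milan-X", 0x00A10F11: "Genoa", 0x00A10F12: "Genoa-X",
    0x00AA0F02: "Bergamo/Siena",
}
# Constructed placeholder, NOT AMD's value: replace with the bulletin's revisions.
PLACEHOLDER_MIN = {0x00A00F11: 0x0A001150}
# Constructed two-CPU excerpt in /proc/cpuinfo layout (not from a real host).
SAMPLE = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\ncpu family\t: 25\nmodel\t\t: 1\n"
    "stepping\t: 1\nmicrocode\t: 0xa001150\n\n"
    "processor\t: 1\nvendor_id\t: AuthenticAMD\ncpu family\t: 25\nmodel\t\t: 1\n"
    "stepping\t: 1\nmicrocode\t: 0xa001140\n"
)

def cpuid_signature(family, model, stepping):
    """Rebuild CPUID Fn0000_0001 EAX from the decimal fields Linux prints."""
    base_family = min(family, 0xF)  # display family = base + extended family
    return ((family - base_family) << 20 | (model >> 4) << 16
            | base_family << 8 | (model & 0xF) << 4 | (stepping & 0xF))

def parse_cpuinfo(text):
    """Return one (signature, microcode revision) pair per AMD logical CPU."""
    cpus = []
    for block in text.strip().split("\n\n"):
        f = dict(re.findall(r"^([^\t:\n]+?)[ \t]*:[ \t]*(.*)$", block, re.M))
        if f.get("vendor_id") != "AuthenticAMD":
            continue
        sig = cpuid_signature(int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
        cpus.append((sig, int(f["microcode"], 16)))
    return cpus

def assess(text, min_fixed):
    """Classify every logical CPU; revisions can differ between cores."""
    out = []
    for cpu, (sig, rev) in enumerate(parse_cpuinfo(text)):
        if sig not in AFFECTED:
            status = "not-listed"
        elif sig not in min_fixed:
            status = "no-reference-revision"
        else:
            status = "patched" if rev >= min_fixed[sig] else "below-fixed-revision"
        out.append((cpu, AFFECTED.get(sig, "?"), hex(rev), status))
    return out

if __name__ == "__main__":
    print(*assess(SAMPLE, PLACEHOLDER_MIN), sep="\n")
```

On a real host, pass the contents of /proc/cpuinfo instead of SAMPLE; a core reported as below-fixed-revision next to patched cores means the update did not load on every core.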
Additional Security Concerns and Side-Channel Attacks
In a separate security issue, AMD received a report from Li-Chung Chiang of National Taiwan University detailing cache-based side-channel attacks affecting SEV-protected workloads. These attacks impact 1st to 4th Gen AMD EPYC data center processors and embedded chips.
AMD advises developers to implement constant-time algorithms, avoid secret-dependent data accesses when possible, and follow Spectre-type attack mitigation best practices.
As cyber threats continue to evolve, applying these security updates is crucial to maintaining system integrity and protecting confidential computing workloads.
Bijay Pokharel