- AMD advisory warns of a new high-severity security flaw
- The flaw affects Zen 1 to Zen 4 CPUs
- Exploitation could lead to the loss of SEV-based protection for a confidential guest
Chip-making giant AMD has confirmed that it recently patched a high-severity vulnerability affecting its Zen 1 to Zen 4 CPUs.
The company published a new security advisory detailing the flaw and its exploitation potential, noting: “Google researchers have provided AMD with information on a potential vulnerability that, if successfully exploited, could lead to the loss of SEV-based protection of a confidential guest.”
SEV stands for Secure Encrypted Virtualization: a hardware-based security feature designed to improve the confidentiality and integrity of virtual machines (VMs) running on AMD EPYC processors. It encrypts the memory of each virtual machine with a unique encryption key, ensuring that neither the hypervisor nor other virtual machines can access its data.
Available mitigations
The vulnerability is tracked as CVE-2024-56161 and has a severity score of 7.2/10 (high). It is described as an improper signature verification flaw in the AMD CPU ROM microcode patch loader, which could allow threat actors with local administrator privileges to load malicious CPU microcode. As a result, the confidentiality and integrity of a confidential guest running under AMD SEV-SNP would be lost.
“AMD has made available a mitigation for this issue which requires updating microcode on all impacted platforms to help prevent an attacker from loading malicious microcode,” the company concluded.
“Additionally, an SEV firmware update is required for some platforms to support SEV-SNP attestation. Updating the system BIOS image and rebooting the platform will enable attestation of the mitigation. A confidential guest can verify that the mitigation has been enabled on the target platform through the SEV-SNP attestation report.”
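The guest-side check described above, as an added example that is not part of the article or of AMD's tooling: it parses the CURRENT_TCB and REPORTED_TCB fields of a raw SEV-SNP attestation report and checks that the microcode SVN byte meets a minimum level. Field offsets follow the SEV-SNP ABI report layout; the minimum SVN constant is a placeholder (the fixed level is platform-specific and not given in the article), and the sample report is constructed and unsigned, so a real deployment must first verify the report signature against the VCEK certificate chain.

```python
import struct

# Field offsets in an SEV-SNP ATTESTATION_REPORT structure (AMD SEV-SNP ABI spec).
REPORT_SIZE = 0x4A0
OFF_VERSION = 0x000       # u32 report format version
OFF_CURRENT_TCB = 0x038   # u64 TCB_VERSION of the firmware currently running
OFF_REPORTED_TCB = 0x180  # u64 TCB_VERSION the hypervisor chose to report to the guest
# Placeholder: the real minimum microcode SVN for the fixed firmware is platform-specific
# and is not stated in the article; take it from AMD's advisory for your CPU family.
MIN_MICROCODE_SVN_EXAMPLE = 0x48


def decode_tcb(raw: int) -> dict:
    """Split a 64-bit TCB_VERSION into its SVN bytes.
    Layout: byte 0 boot loader, byte 1 TEE, bytes 2-5 reserved, byte 6 SNP, byte 7 microcode."""
    return {
        "boot_loader": raw & 0xFF,
        "tee": (raw >> 8) & 0xFF,
        "snp": (raw >> 48) & 0xFF,
        "microcode": (raw >> 56) & 0xFF,
    }


def parse_report(report: bytes) -> dict:
    """Extract the version and the two TCB views from a raw attestation report."""
    if len(report) != REPORT_SIZE:
        raise ValueError(f"unexpected report size {len(report)}")
    (version,) = struct.unpack_from("<I", report, OFF_VERSION)
    (current,) = struct.unpack_from("<Q", report, OFF_CURRENT_TCB)
    (reported,) = struct.unpack_from("<Q", report, OFF_REPORTED_TCB)
    return {"version": version, "current_tcb": decode_tcb(current), "reported_tcb": decode_tcb(reported)}


def mitigation_present(report: bytes, min_microcode_svn: int) -> bool:
    """True only if both the running and the reported TCB carry microcode at or above the fixed SVN.
    Caller must already have verified the report signature (VCEK chain); an unverified report proves nothing."""
    parsed = parse_report(report)
    return all(parsed[k]["microcode"] >= min_microcode_svn for k in ("current_tcb", "reported_tcb"))


def make_sample_report(microcode_svn: int) -> bytes:
    """Constructed, unsigned sample report for demonstration only; not from a real platform."""
    buf = bytearray(REPORT_SIZE)
    struct.pack_into("<I", buf, OFF_VERSION, 2)
    tcb = (microcode_svn << 56) | (0x16 << 48) | (0x00 << 8) | 0x03  # microcode | snp | tee | boot loader
    struct.pack_into("<Q", buf, OFF_CURRENT_TCB, tcb)
    struct.pack_into("<Q", buf, OFF_REPORTED_TCB, tcb)
    return bytes(buf)


if __name__ == "__main__":
    for svn in (MIN_MICROCODE_SVN_EXAMPLE - 1, MIN_MICROCODE_SVN_EXAMPLE):
        print(hex(svn), mitigation_present(make_sample_report(svn), MIN_MICROCODE_SVN_EXAMPLE))
```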
The company only publicly disclosed the flaw recently, but the patch was released in mid-December 2024. AMD chose to delay the announcement to give its customers enough time to mitigate the problem.