- Google researchers found a vulnerability in AMD Zen 1 to Zen 4 chips
- It allows anyone to push microcode updates, even malicious ones
- The flaw requires a high level of privilege beforehand
AMD processors, from Zen 1 to Zen 4, carry a significant vulnerability that allows threat actors to push microcode updates to the affected chips.
This is according to Google researchers, who also released a tool to install such updates, or "jailbreak" the device.
Google researchers dubbed the vulnerability "EntrySign". They explained that it stems from the way AMD uses AES-CMAC as a hash function in its signature verification process, which is essentially a cryptographic error, since CMAC is designed as a message authentication code. The vulnerability is tracked as CVE-2024-56161 and was given a severity score of 7.2/10 (high).
The researchers also found that AMD had been using a published example from NIST documentation all this time, which helped them forge signatures and install any microcode update they saw fit. In theory, a threat actor could abuse the vulnerability to bypass security mechanisms and cause information leaks.
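The cryptographic error described above, as an added illustration that is not from the article or from Google's tooling: a CMAC-structured tag offers no collision resistance to anyone who knows the key, whereas SHA-256 over the same data does. A small Feistel cipher built from SHA-256 stands in for AES here, and the key and messages are constructed sample values.

```python
import hashlib

BLOCK = 16  # 128-bit block, same size as AES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function of the stand-in cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def encrypt(key, block):  # stand-in keyed permutation, NOT AES
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt(key, block):  # anyone holding the key can invert it
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def _dbl(b):  # doubling in GF(2^128), used for CMAC subkey K1
    n = int.from_bytes(b, "big") << 1
    return ((n & ((1 << 128) - 1)) ^ (0x87 if n >> 128 else 0)).to_bytes(16, "big")

def _chain(key, data):  # CBC chaining over whole blocks
    state = bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        state = encrypt(key, _xor(state, data[i:i + BLOCK]))
    return state

def cmac(key, msg):  # CMAC structure for whole-block messages only
    assert msg and len(msg) % BLOCK == 0
    k1 = _dbl(encrypt(key, bytes(BLOCK)))
    last = _xor(_xor(_chain(key, msg[:-BLOCK]), msg[-BLOCK:]), k1)
    return encrypt(key, last)

def colliding_message(key, prefix, tag):
    # Solve the last block so that cmac(key, prefix + block) == tag.
    k1 = _dbl(encrypt(key, bytes(BLOCK)))
    return prefix + _xor(_xor(decrypt(key, tag), k1), _chain(key, prefix))

KEY = bytes(range(16))              # constructed key, assumed public
ORIGINAL = b"A" * 16 + b"B" * 16    # constructed two-block message
OTHER = colliding_message(KEY, b"C" * 16, cmac(KEY, ORIGINAL))

if __name__ == "__main__":
    print(cmac(KEY, ORIGINAL) == cmac(KEY, OTHER))      # same CMAC tag
    print(hashlib.sha256(ORIGINAL).digest() == hashlib.sha256(OTHER).digest())
```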
In practice, however, it is much more difficult than that. Attackers would need to have local administrator privileges beforehand, which is quite difficult on its own. In addition, the attack would only persist until the next system restart.
In any case, Google released an open source tool called 'Zentool', which allows security researchers (and, unfortunately, threat actors) to apply custom microcode patches.
It consists of tools for microcode patch examination (including limited disassembly), microcode patch authoring, signing and loading. The researchers said they are planning to publish details on how to decrypt and encrypt microcode patches in the future, too. "A significant part of the ongoing research focuses on building a precise understanding of the AMD microcode instructions: current disassembly and assembly are not always precise due to this challenge," the report said.
AMD has published BIOS updates to address this vulnerability, so if you are concerned about it, be sure to update your systems to versions dated December 17, 2024 or later.
Via Tom's Hardware