AMD Flaw Threatens Confidential Computing on Zen Processors
The bug results from the use of an insecure hash function

Google security researchers have identified a serious vulnerability in several versions of AMD Zen processors that can allow a local, privileged attacker to gain access to confidential compute workloads on affected processors. The bug affects Zen generations 1-4 processors, and AMD has released microcode updates to address it.
CVE: CVE-2024-56161
Why It Matters: The Google researchers discovered a weakness in the way AMD processors validate signatures on microcode updates. The vulnerability (CVE-2024-56161) results from the processors using an insecure hash function. The researchers developed a proof-of-concept exploit for AMD Milan and Genoa processors and disclosed the bug to AMD in September. AMD issued fixes for it in December. To exploit the vulnerability, an attacker would need local admin privileges, and the result of the exploit would be a loss of confidentiality in guests running under Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
Key Details
The vulnerability enables a privileged attacker to load arbitrary microcode patches to an affected CPU. “The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates. This vulnerability could be used by an adversary to compromise confidential computing workloads protected by the newest version of AMD Secure Encrypted Virtualization, SEV-SNP or to compromise Dynamic Root of Trust Measurement,” the Google advisory says. “Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.”
The bug affects several versions of the AMD microcode, including Naples, Rome, Milan, Milan-X, Genoa, and Bergamo/Siena.
“AMD has made available a mitigation for this issue which requires updating microcode on all impacted platforms to help prevent an attacker from loading malicious microcode. Additionally, an SEV firmware update is required for some platforms to support SEV-SNP attestation. Updating the system BIOS image and rebooting the platform will enable attestation of the mitigation,” AMD said in its advisory.
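A local check for the microcode update AMD describes, as an added example that is not from AMD's or Google's advisories: it parses `/proc/cpuinfo`-style text on Linux, selects AMD CPUs in families 23 and 25 (the CPUID families that Zen 1 through Zen 4 parts report), and flags cores whose running microcode revision is below an operator-supplied minimum or differs between cores. The article gives no fixed revision numbers, so the minimums and the sample input are constructed placeholders to be replaced with values from the vendor advisory.

```python
import re

# Zen 1/Zen+/Zen 2 report CPU family 23 (0x17); Zen 3/Zen 4 report 25 (0x19).
ZEN_1_TO_4_FAMILIES = {23, 25}

# Constructed sample in /proc/cpuinfo layout; revisions are made-up values.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
stepping\t: 1
microcode\t: 0x10

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
stepping\t: 1
microcode\t: 0x20
"""

def parse_cpuinfo(text):
    """Return one {field: value} dict per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def audit_microcode(text, min_revision):
    """min_revision: {(family, model, stepping): lowest fixed revision},
    filled in by the operator from the vendor advisory (assumption)."""
    seen = {}
    for cpu in parse_cpuinfo(text):
        if cpu.get("vendor_id") != "AuthenticAMD" or "microcode" not in cpu:
            continue
        key = tuple(int(cpu[f]) for f in ("cpu family", "model", "stepping"))
        if key[0] in ZEN_1_TO_4_FAMILIES:
            seen.setdefault(key, set()).add(int(cpu["microcode"], 16))
    findings = []
    for key, revs in sorted(seen.items()):
        if len(revs) > 1:
            findings.append((key, "mixed-revisions", sorted(revs)))
        if key not in min_revision:
            findings.append((key, "no-minimum-known", sorted(revs)))
        elif min(revs) < min_revision[key]:
            findings.append((key, "below-minimum", sorted(revs)))
    return findings
```

On a real host, pass `open("/proc/cpuinfo").read()` as `text`. The check only reports what the running kernel sees.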
Interestingly, Google waived its typical 90-day disclosure policy for vulnerabilities in this case and has not disclosed all of the details of the bug yet because of the long supply chain involved.