AMD, Google disclose Zen processor microcode vulnerability

AMD and Google jointly disclosed a high-severity microcode signature verification vulnerability in the chipmaker's Zen CPUs after initial details inadvertently leaked last month.

On Jan. 21, Google vulnerability researcher Tavis Ormandy emailed the Open Source Security mailing list on SecLists.org saying that an Asus update page included a patch for a then-undisclosed "AMD Microcode Signature Verification Vulnerability." The Asus page was taken down and AMD said it was aware of the reported vulnerability, but few details were known at the time.

The vulnerability was officially disclosed Monday as a coordinated process between AMD and Google. AMD thanked Google researchers Ormandy, Josh Eads, Kristoffer Janke, Eduardo Vela and Matteo Rizzo in an advisory for to the vulnerability.

The flaw, tracked as CVE-2024-56161, is a high-severity vulnerability with a 7.2 CVSS core that affects    . "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP," AMD said in the advisory.

When the vulnerability was first leaked last month, AMD similarly told Informa TechTarget exploitation requires local administrator access as well as development and execution of malicious microcode.

The chipmaker made a mitigation available alongside the disclosure, which requires updating microcode for affected microprocessors. AMD said some platforms also require a firmware update for the manufacturer's Secure Encrypted Virtualization (SEV) technology. Additional details regarding mitigation application are available in the advisory.

Vela published a separate advisory on GitHub Monday containing additional information. "This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches," he wrote on GitHub. "We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs."

The GitHub post contains a link to a proof-of-concept exploit as well as a timeline. Vela said Google reported the issue Sept. 25, it was fixed Dec. 17 and coordinated disclosure began yesterday.

Vela's advisory referred to the long timeline required to disclose the flaw as a "one-off exception to our standard vulnerability disclosure policy."

"Due to the deep supply chain, sequence and coordination required to fix this issue, we will not be sharing full details at this time in order to give users time to re-establish trust on their confidential-compute workloads," Vela wrote. "We will share additional details and tools on March 5, 2025."

Informa TechTarget reached out to AMD and Google for additional information, but neither has responded at press time.

Alexander Culafi is a senior information security news writer and podcast host for Informa TechTarget.