AMD patches high severity security flaw affecting Zen chips
Posted by:
Olivia Smith
Chipmaker AMD has issued a warning about a significant security flaw that impacts its Zen 1 to Zen 4 CPUs. The vulnerability, noted as CVE-2024-56161 with a high severity score, involves an improper signature verification flaw in the AMD CPU ROM microcode patch loader. If exploited, the bug could allow threat actors with local admin privileges to load malicious CPU microcode, resulting in the loss of the SEV-based protection of a confidential guest. SEV, which stands for Secure Encrypted Virtualization, is a security feature aimed at enhancing the confidentiality and integrity of virtual machines on AMD EPYC processors. Mitigations for the flaw include updating microcode on affected platforms to prevent malicious code loading and performing an SEV firmware update for certain platforms to support SEV-SNP attestation. AMD released the patch in mid-December 2024 but delayed public disclosure to allow customers time to address the issue.
Recent Posts1
