Techly NewsGet the app

Get the latest tech news

AMD: Microcode Signature Verification Vulnerability


### Summary Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...

This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches. HIGH - Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. A test payload for Milan and Genoa CPUs that makes the RDRAND instruction return 4 can be downloaded here(applying it requires the user to be root from outside of a VM).

Get the Android app

Or read this on Hacker News

Read more on:

Photo of AMD

AMD

Related news:

News photo

Sound Open Firmware 2.12 Adds NXP iMX95 Support, Zephyr RTOS For AMD ACP 6.0

News photo

Open-Source 0 A.D. RTS Game Adds AMD FSR Support & Vulkan Renderer

News photo

The Compelling AVX-512 Performance Advantage On AMD EPYC 9005 "Turin"

« Trump says new US sovereign wealth fund could purchase TikTok
Casio UK online store hacked to steal customer credit cards »