Techly NewsGet the app

Get the latest tech news

Google Release Details of AMD Microcode Vulnerability


Last month, Google security researchers disclosed a high-severity vulnerability in AMD's CPU microcode signature verification system, affecting multiple AMD processors. Today, they have released the full chain details of the vulnerability dubbed "EntrySign," a significant vulnerability (CVE-2024-56161) affecting AMD's Zen-based CPUs that allowed the execution of unauthorized microcode.

Since hardware bugs can't be fixed without replacing physical components, manufacturers developed a mechanism for microcode updates to patch critical issues. The researchers discovered that AMD used the example key from NIST documentation (2b7e1516 28aed2a6 abf71588 09cf4f3c) across multiple CPU generations. To demonstrate the vulnerability, the team created "zentool," a suite of utilities that can examine, author, sign, and load custom microcode patches.

Get the Android app

Or read this on r/technology

Read more on:

Photo of Google

Google

Related news:

News photo

Google reportedly pleads with Trump DOJ to avoid anti-trust breakup - Google was officially deemed a monopoly by the Biden administration in August.

News photo

Google Removes Women's History Month From Its Calendar App

News photo

Google change is breaking some digital photo frames

« Superelastic alloy that functions in extreme temperatures could aid space exploration
Microsoft is plotting a future without OpenAI »