
A recent disclosure from the Google Security Team has revealed a high-severity vulnerability in AMD Zen-based CPUs that could allow attackers to load malicious microcode patches, compromising confidential computing environments. Identified as CVE-2024-56161 and assigned a CVSS score of 7.2, this vulnerability impacts AMD CPUs from Zen 1 through Zen 4 architectures, posing significant risks to enterprises relying on AMD Secure Encrypted Virtualization (SEV-SNP) for secure workloads.
According to the Google Security Team, the root of the vulnerability lies in the “insecure hash function in the signature validation for microcode updates.” This flaw enables attackers with local administrator privileges (ring 0 access outside of a VM) to load arbitrary microcode patches. As noted in the report, “This vulnerability could be used by an adversary to compromise confidential computing workloads protected by the newest version of AMD Secure Encrypted Virtualization, SEV-SNP or to compromise Dynamic Root of Trust Measurement.”
To demonstrate the impact of this flaw, Google researchers crafted a proof-of-concept (PoC) attack that manipulates the RDRAND instruction on affected Milan and Genoa CPUs. The PoC payload makes the RDRAND instruction return the static value 4, effectively proving the feasibility of unauthorized microcode injection. As per the disclosure, “A test payload for Milan and Genoa CPUs that makes the RDRAND instruction return 4 can be downloaded here (applying it requires the user to be root from outside of a VM).”
Due to the complexity of the supply chain and the need for coordinated patching efforts, full details of the vulnerability have not yet been released. However, Google plans to share additional information and tools on March 5, 2025, to further assist users in securing their systems.
The vulnerability affects multiple AMD EPYC processor families, including:
- Naples (EPYC 7001 Series)
- Rome (EPYC 7002 Series)
- Milan and Milan-X (EPYC 7003 Series)
- Genoa and Genoa-X (EPYC 9004 Series)
- Bergamo and Siena (EPYC 9004 Series)
To mitigate the risks posed by CVE-2024-56161, AMD has released updated microcode through AGESA™ firmware updates distributed to Original Equipment Manufacturers (OEMs). Users should consult their OEM for BIOS updates incorporating these patches.
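After a BIOS update, the microcode revision each core actually reports can be checked from the host. The following is an added example, not code from Google, AMD, or the original article: it parses `/proc/cpuinfo`-style text, flags AMD families in scope, and compares revisions against a minimum the operator supplies. The family numbers (0x17 for Zen 1 through Zen 2, 0x19 for Zen 3 and Zen 4) are an assumption from AMD's public numbering, the sample data and revision values are constructed, and the fixed revision for a given CPU is not stated on this page and must come from the AMD bulletin or the OEM.

```python
import re
from collections import Counter

# Constructed sample in /proc/cpuinfo format; revision values are invented.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
microcode\t: 0xa001100

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
microcode\t: 0xa001101
"""

# Assumption: family 0x17 = Zen 1/Zen+/Zen 2, family 0x19 = Zen 3/Zen 4.
ZEN1_TO_ZEN4_FAMILIES = {0x17, 0x19}

def parse_cpuinfo(text):
    """Return one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, _, v in pairs}
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def audit(text, min_fixed_rev=None):
    """Summarise microcode state; min_fixed_rev is taken from the vendor bulletin."""
    # Revisions are only comparable within one family/model/stepping.
    cpus = parse_cpuinfo(text)
    revs = Counter(int(c["microcode"], 16) for c in cpus if "microcode" in c)
    in_scope = any(
        c.get("vendor_id") == "AuthenticAMD"
        and int(c.get("cpu family", "0")) in ZEN1_TO_ZEN4_FAMILIES
        for c in cpus
    )
    return {
        "in_scope_family": in_scope,
        "revisions": [hex(r) for r in sorted(revs)],
        "mixed_revisions": len(revs) > 1,  # cores disagreeing merits a look
        "below_minimum": None if min_fixed_rev is None
        else any(r < min_fixed_rev for r in revs),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CPUINFO))
```

On a live Linux host, pass the contents of `/proc/cpuinfo` to `audit()` together with the minimum revision published for that exact CPU model.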