- Google researchers found a vulnerability in AMD Zen 1 to Zen 4 chips
- It allows anyone to push microcode updates, even malicious ones
- Exploiting the bug requires a high level of privilege beforehand
AMD processors from Zen 1 to Zen 4 carry a major vulnerability that allows threat actors to push microcode updates to affected chips.
This is according to Google researchers, who also published a tool to install the updates, or “jailbreak” the device.
Google researchers named the vulnerability “EntrySign”. They explained that it stems from the way AMD uses AES-CMAC as a hash function in its signature verification process, which is essentially a cryptographic error, because CMAC is designed as a message authentication code. The vulnerability is tracked as CVE-2024-56161 and received a severity score of 7.2/10 (high).
The researchers also noted that AMD had been using a published example key from NIST documentation all this time, which helped them forge signatures and install whatever microcode updates they saw fit. In theory, a threat actor could abuse the vulnerability to circumvent security mechanisms and trigger information leaks.
In practice, however, it is much more difficult than that. Attackers would need local administrator privileges beforehand, which is difficult enough in itself. In addition, an attack would only persist until the system restarts.
In any case, Google has published an open source tool called “Zentool”, which allows security researchers (and, unfortunately, threat actors) to load custom microcode patches.
It consists of tools for examining microcode patches (including limited disassembly) and for creating, signing and loading them. The researchers said they plan to publish details on how to decrypt and encrypt microcode patches in the future. “An important part of the current research focuses on building a precise understanding of the AMD microcode instruction set – the current disassembly and assembly are not always exact because of this challenge,” said the report.
AMD has published BIOS updates to address this vulnerability, so if you are worried about being targeted, be sure to update your systems to the versions dated December 17, 2024 or later.
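
The update advice above can be triaged on a Linux host with a short script. This is an added example, not code from the article, Google or AMD; the function names are hypothetical, and it assumes that CPU families 23 and 25 cover Zen 1 through Zen 4 and that the DMI BIOS date is a usable proxy for the firmware version date.

```shell
#!/bin/sh
# Added example: triage a Linux host against the CVE-2024-56161 BIOS advice.
# Assumptions (not from the article): AMD family 23 = Zen 1/Zen+/Zen 2,
# family 25 = Zen 3/Zen 4; /sys/class/dmi/id/bios_date is MM/DD/YYYY.

FIX_DATE=20241217   # from the article: versions dated December 17, 2024 or later

# zen_in_scope VENDOR FAMILY -> succeeds if the CPU is an AMD Zen 1-4 part
zen_in_scope() {
    [ "$1" = "AuthenticAMD" ] || return 1
    case "$2" in
        23|25) return 0 ;;
        *)     return 1 ;;
    esac
}

# bios_date_key MM/DD/YYYY -> prints YYYYMMDD, fails on malformed input
bios_date_key() {
    case "$1" in
        [0-1][0-9]/[0-3][0-9]/[0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    mm=${1%%/*}; rest=${1#*/}; dd=${rest%%/*}; yyyy=${rest#*/}
    printf '%s%s%s\n' "$yyyy" "$mm" "$dd"
}

# assess VENDOR FAMILY BIOS_DATE -> prints one verdict word
assess() {
    zen_in_scope "$1" "$2" || { echo out-of-scope; return 0; }
    key=$(bios_date_key "$3") || { echo unknown; return 0; }
    if [ "$key" -ge "$FIX_DATE" ]; then echo bios-dated-after-fix
    else echo needs-update; fi
}

# assess_host -> runs the same check on the live machine
assess_host() {
    vendor=$(awk -F': ' '/^vendor_id/ {print $2; exit}' /proc/cpuinfo 2>/dev/null) || true
    family=$(awk -F': ' '/^cpu family/ {print $2; exit}' /proc/cpuinfo 2>/dev/null) || true
    bios=$(cat /sys/class/dmi/id/bios_date 2>/dev/null) || true
    assess "$vendor" "$family" "$bios"
}

assess_host
```

A `bios-dated-after-fix` verdict only means the firmware build date is recent enough; confirm against the board vendor's release notes that the build actually includes AMD's fix.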
Via Tom's Hardware