Connect with us

Tech News

AMD confirms microcode vulnerability revealed in beta BIOS update

Published

on

AMD confirms microcode vulnerability revealed in beta BIOS update

What’s the Latest with AMD’s Processors? AMD recently confirmed a security vulnerability in some of its processors that was accidentally exposed through a beta BIOS update from Asus. The flaw, referred to as a “microcode signature verification vulnerability,” became public knowledge before AMD could officially address it, causing concern within the cybersecurity community.

The vulnerability was initially discovered by Tavis Ormandy, a security researcher at Google’s Project Zero. Ormandy noticed a mention of the flaw in the release notes of an Asus beta BIOS update for a gaming motherboard. In a public mailing list post, Ormandy expressed, “It seems like an OEM leaked the patch for a significant upcoming CPU vulnerability.”

AMD has since acknowledged the issue and is working on developing and implementing mitigations. While the specific products affected have not been disclosed by the company, it appears that the vulnerability is related to the microcode and bypasses the typical process that ensures only authorized, AMD-signed microcode can be loaded into the processor. According to AMD, exploiting this vulnerability requires local administrator access to the targeted system and the ability to create and execute malicious microcode. Despite the seriousness of the vulnerability, its complex exploitation suggests that it is not easily weaponized by casual attackers.

While the full impact of the vulnerability remains uncertain, security experts are already considering the potential implications. Demi Marie Obenour, a software developer at Invisible Things, raised concerns that if a malicious actor could load arbitrary microcode, critical security features like System Management Mode (SMM), Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), and Dynamic Root of Trust for Measurement (DRTM) could be compromised.

See also  Arma Reforger revealed for PS5 and it is out now

This recent discovery of a microcode signature verification vulnerability is not an isolated incident for AMD. The company has encountered various security challenges across its product lines over the years.

In March 2018, researchers from CTS Labs identified a series of vulnerabilities affecting AMD’s Ryzen and Epyc processors, collectively known as RYZENFALL, MASTERKEY, CHIMERA, and FALLOUT. These vulnerabilities posed security risks to both consumer and enterprise-grade processors, requiring administrative access for exploitation.

In August 2024, a widespread vulnerability named “Sinkclose” was disclosed, affecting the System Management Mode and potentially exposing numerous devices to security threats. Exploiting this vulnerability necessitated kernel-level access, making it a significant concern for severely compromised systems, as stated by AMD at the time.

Trending