AMD: Microcode Signature Verification Vulnerability
(github.com)
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 03 Feb 19:53
https://inks.tedunangst.com/l/5174
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 03 Feb 19:53
https://inks.tedunangst.com/l/5174
This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches. We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs. The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates. This vulnerability could be used by an adversary to compromise confidential computing workloads protected by the newest version of AMD Secure Encrypted Virtualization, SEV-SNP or to compromise Dynamic Root of Trust Measurement.
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
#bios #cpu #exploit #hash #security #systems #virtualization
threaded - newest