Google Discovers Critical AMD Processor Vulnerability: Microcode Manipulation
2025-02-09
Google researchers have uncovered a critical security flaw in AMD processors. Attackers can manipulate the microcode to control processor behavior, bypassing security features like Secure Encrypted Virtualization (SEV) and the root of trust. The vulnerability exploits an insecure hash function in the processor, allowing the loading of unauthorized microcode. While kernel-level access is required, it poses a significant threat to systems running virtual machines. AMD has released a patch, but it requires updating microcode and BIOS through system manufacturers. The vulnerability affects Zen-based processors dating back to 2017.