Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Critical AMD Zen CPU Microcode Vulnerability Allows Malicious Code Injection

2025-02-03
Critical AMD Zen CPU Microcode Vulnerability Allows Malicious Code Injection

Google's security team discovered a critical vulnerability in AMD Zen CPUs (Zen 1-4). An attacker with local administrator privileges can bypass insecure signature verification to load malicious microcode patches, compromising the confidentiality and integrity of confidential computing workloads protected by AMD SEV-SNP and potentially the Dynamic Root of Trust for Measurement (DRTM). AMD released a fix on December 17th, urging users to verify TCB values for SNP. Further details and tools will be released on March 5th by Google to allow time for remediation.

(github.com)
Hardware CPU vulnerability