Critical AMD Zen CPU Microcode Vulnerability Allows Malicious Code Injection
2025-02-03
Google's security team discovered a critical vulnerability in AMD Zen CPUs (Zen 1-4). An attacker with local administrator privileges can bypass insecure signature verification to load malicious microcode patches, compromising the confidentiality and integrity of confidential computing workloads protected by AMD SEV-SNP and potentially the Dynamic Root of Trust for Measurement (DRTM). AMD released a fix on December 17th, urging users to verify TCB values for SNP. Further details and tools will be released on March 5th by Google to allow time for remediation.
Hardware
CPU vulnerability