Serious security vulnerability on AMD CPUs has been patched

Users need to update the microcode patch immediately to ensure security.

AMD has just disclosed information about a serious security vulnerability (CVE-2024-56161) affecting Zen CPUs from 1 to 4. The vulnerability, discovered by researchers at Google, allows attackers with local administrator privileges to load malicious CPU microcode, thereby stealing sensitive information from virtual machines protected by AMD's SEV (Secure Encrypted Virtualization) feature.

Advertisement

Advertisement

AMD patches dangerous vulnerability in Zen CPUs.

SEV is a hardware security technology designed to protect data in virtual machines running on AMD EPYC processors. It works by encrypting each virtual machine's memory with unique keys, preventing unauthorized access from the hypervisor or other virtual machines.

The vulnerability CVE-2024-56161 stems from a signature verification error in the CPU ROM microcode patch loader. An attacker can exploit this bug to disable SEV and steal data from virtual machines.

Although a patch for this vulnerability was released by AMD in mid-December 2024, the company only recently released the information to ensure users have enough time to update.

To address the vulnerability, users will need to update the microcode on all affected platforms. AMD recommends users update the system BIOS image and reboot the device to enable SEV-SNP attestation, which will help verify the mitigation has been applied.

Saved post successfully

You can review saved articles on the Saved Articles page.

Agree