AMD CPU Signature Verification Vulnerability Let Attackers Load Malicious Microcode

AMD has disclosed a significant security vulnerability that could allow attackers with administrative privileges to load unauthorized microcode patches into the company’s processors. 

Identified as CVE-2024-36347 with a CVSS score of 6.4 (Medium), this flaw affects a wide range of AMD CPUs across data center, desktop, workstation, mobile, and embedded product lines.

The vulnerability, tracked as AMD-SB-7033, stems from improper signature verification in AMD’s CPU ROM microcode patch loader. 

AMD CPU Signature Verification Vulnerability

Researchers from Google discovered a weakness in the signature verification algorithm that could be exploited to bypass AMD’s cryptographic controls, allowing attackers to load arbitrary microcode patches that weren’t officially signed by AMD.

“This vulnerability may allow an attacker with system administrative privilege to load malicious CPU microcode patches,” AMD stated in its security bulletin. 

The researchers not only demonstrated loading unsigned patches but also showed how they could falsify signatures for arbitrary microcode modifications.

The potential impact is severe, potentially resulting in “loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment,” reads the advisory.

AMD credited Josh Eads, Kristoffer Janke, Eduardo “Vela” Nava, Tavis Ormandy, and Matteo Rizzo from Google for discovering and reporting the vulnerability through coordinated disclosure.

The summary of the vulnerability is given below:

Risk Factors	Details
Affected Products	AMD EPYC (Naples, Rome, Milan, Genoa, Turin), AMD Ryzen (3000–9000 series desktop/mobile processors), AMD Threadripper (3000–7000 series), AMD Athlon (3000 series), and various embedded processors.
Impact	Loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in privileged CPU contexts, and compromise of the System Management Mode (SMM).
Exploit Prerequisites	Load malicious microcode patches by exploiting improper signature verification in the CPU ROM microcode patch loader
CVSS 3.1 Score	6.4 (Medium)

The vulnerability affects numerous processor families including AMD EPYC server chips (from Naples through Turin generations), Ryzen desktop and mobile processors (3000 through 9000 series), Threadripper workstation CPUs, and various embedded solutions. This spans nearly all AMD x86 processors released in recent years.

Major affected product lines include:

• EPYC 7000, 7002, 7003, 9004, and 9005 Series
• Ryzen 3000, 4000, 5000, 6000, 7000, 8000, and 9000 Series
• Threadripper 3000, 5000, and 7000 Series
• Athlon 3000 Series
• Various embedded processor variants

Mitigation

AMD plans to release Platform Initialization (PI) firmware updates to fix the vulnerability. 

For data center customers, firmware updates for EPYC processors will begin rolling out on December 13, 2024, for Naples, Rome, and Milan systems, with Genoa systems receiving updates on December 16. Turin systems will see fixes by March 4, 2025.

Desktop and mobile processor updates will follow a similar timeline, with most fixes available in January 2025. 

After applying these patches, microcode cannot be hot-loaded without meeting specific requirements, and attempts to load unauthorized code will result in a #GP fault on systems with older BIOS versions.

The company noted it has not received any reports of this attack occurring in the wild. 

However, the fact that Google’s researchers were able to successfully bypass AMD’s microcode signature verification highlights a potential weakness in the security architecture of modern processors that could have significant implications for system integrity and confidentiality.

Users and administrators are strongly advised to apply firmware updates as they become available to protect their systems from potential exploitation of this vulnerability.

Application Security is no longer just a defensive play, Time to Secure -> Free Webinar