Security researchers have discovered a major vulnerability affecting AMD processors from Zen 1 through Zen 4 architectures. The flaw, dubbed "EntrySign," allows attackers to bypass AMD's microcode signature verification and potentially execute malicious code at the CPU level.
The vulnerability stems from AMD's use of the CMAC cryptographic function in an insecure way when validating microcode updates. By exploiting this weakness, attackers could forge signatures and inject unauthorized microcode patches into affected processors.
"The root cause is that AMD used CMAC as a hash function, when it was not designed for that purpose," explained the researchers. "This allowed us to calculate collisions and forge signatures that the CPU would accept as valid."
The impact is limited by several factors:
- Attackers need administrative access to install microcode updates
- Changes do not persist after system restart
- AMD has released BIOS updates to patch the vulnerability
However, the flaw could still pose risks in certain scenarios like confidential computing environments using AMD SEV-SNP technology.
AMD recommends all users apply the latest BIOS updates containing the microcode fix. The patch implements a more secure hash function for signature validation and includes protections to prevent exploitation.
The discovery highlights the challenges of implementing robust security at the processor level. While microcode updates provide flexibility to fix CPU bugs after release, they must be properly protected against tampering.
For technical users interested in the details, the researchers have released tools and documentation about AMD's microcode architecture through their "zentool" project. This allows examining how microcode patches work while respecting AMD's fix for the vulnerability.