AMD patches high severity security flaw affecting Zen chips

AMD advisory warns about a new high-severity security flaw
The bug affects Zen 1 to Zen 4 CPUs
Abuse could lead to the loss of SEV-based protection of a confidential guest

Chipmaking giant AMD has confirmed it recently patched a high-severity vulnerability affecting its Zen 1 to Zen 4 CPUs.

The company published a new security advisory, detailing the bug and its potential for exploitation, noting, “Researchers from Google have provided AMD with information on a potential vulnerability that, if successfully exploited, could lead to the loss of SEV-based protection of a confidential guest.”

SEV is short for Secure Encrypted Virtualization – a hardware-based security feature designed to enhance the confidentiality and integrity of virtual machines (VMs) running on AMD EPYC processors. It encrypts the memory of individual VMs using unique encryption keys, ensuring that neither the hypervisor nor other VMs can access their data.

Mitigations available

The vulnerability is tracked as CVE-2024-56161, and has a severity score of 7.2/10 (high). It is described as an improper signature verification flaw in AMD CPU ROM microcode patch loader, which could allow threat actors with local admin privileges to load malicious CPU microcode. As a result, the confidentiality and integrity of a confidential guest running under AMD SEV-SNP would be lost.

“AMD has made available a mitigation for this issue which requires updating microcode on all impacted platforms to help prevent an attacker from loading malicious microcode,” the company concluded.

“Additionally, an SEV firmware update is required for some platforms to support SEV-SNP attestation. Updating the system BIOS image and rebooting the platform will enable attestation of the mitigation. A confidential guest can verify the mitigation has been enabled on the target platform through the SEV-SNP attestation report.”

The company only publicly disclosed the flaw recently, but the patch was actually released in mid-December 2024. AMD decided to delay the announcement to give its customers enough time to mitigate the problem.

https://cdn.mos.cms.futurecdn.net/tEs5REvNWU2Jsmt9rEZU2j-1200-80.jpg

Source link

Perplexity will make AI images for you, but ChatGPT is the one doing the work

My favourite premium gaming mouse from Logitech is at its cheapest yet – with more top pointer deals from just AU$125.45

Could the ‘Angry Magpie’ save your business from insider threat and data-related attacks?

Google has tuned up its AI Music Sandbox for musicians and producers

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Syrah Resources Q1 2025 slides: zero Balama production amid protest actions

U.S. tariffs will hasten, not slow, China’s drive for tech self-sufficiency

FAA delays flights to Newark airport after equipment, staffing issues

Trump to reduce impact of auto tariffs, officials say

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

AMD patches high severity security flaw affecting Zen chips

Syrah Resources Q1 2025 slides: zero Balama production amid protest actions

U.S. tariffs will hasten, not slow, China’s drive for tech self-sufficiency

Perplexity will make AI images for you, but ChatGPT is the one doing the work

FAA delays flights to Newark airport after equipment, staffing issues