AMD Microcode Signature Verification Vulnerability Let Attackers Load Malicious Patches

[Shane1145]

Security researchers have uncovered a critical vulnerability in AMD Zen CPUs that allows attackers with elevated privileges to load malicious microcode patches, bypassing cryptographic signature checks.

Dubbed “EntrySign,” this flaw stems from AMD’s use of the AES-CMAC algorithm as a hash function during microcode validation—a design decision that enables collision attacks and signature forgery.


https://cybersecuritynews.com/amd-micro ... erability/