Vulnerability in AMD CPU Microcode Loader Allowing SEV-SNP Isolation Bypass


Security researchers from Google have published information about a vulnerability (CVE-2024-56161) in AMD processors that affects the microcode loader and allows bypassing digital signature verification when microcode is updated. Loading modified microcode enables an attacker to compromise the AMD SEV (Secure Encrypted Virtualization) mechanism, which is used in virtualization systems to protect virtual machines from interference by the hypervisor or the host system administrator.

Cause of the Vulnerability

The vulnerability is caused by the use of an insecure hash function in the code that performs digital signature verification after loading the microcode into the CPU. To execute the attack, an attacker must have administrator privileges on the local system (ability to execute code at ring 0, outside a virtual machine).

Potential Impact

The attack allows interference with guest systems protected by AMD SEV (Secure Encrypted Virtualization) and SEV-SNP (Secure Nested Paging), which provide guarantees of virtual machine memory integrity, isolate processor registers, and ensure secure operations with nested page tables. The AMD SEV mechanism was designed to prevent data center and cloud provider personnel from modifying, analyzing, or distorting the computations of protected guest systems.

Exploit Prototype

Researchers have developed a proof-of-concept exploit that allows loading arbitrary microcode into the CPU without a valid digital signature. To demonstrate the severity of the vulnerability, they proposed a microcode update that modifies the behavior of the RDRAND instruction, which serves as a source of entropy in pseudo-random number generators used for key generation, cryptographic operations, and random identifier generation.

The modification causes RDRAND to always return the number 4 instead of a random sequence. To prevent real attacks on confidential computing systems, the modified microcode clears the CF (carry flag), marking the returned value as erroneous. Additional details and tools for generating modified microcode are planned for release on March 5, giving users time to apply patches to their systems. A successful attack demonstration was conducted on servers with AMD EPYC 7B13 (Milan) and AMD Ryzen 9 7940HS (Phoenix) processors.
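Why clearing CF matters to software that consumes RDRAND, as an added example (not code from the researchers or from AMD): on real hardware CF=1 means the returned value is valid and CF=0 means it must be discarded. The three sources below are constructed stand-ins for the instruction, and the retry budget of 10 and the repeated-output check are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* A source mimics RDRAND: it stores a value and returns the carry flag (1 = valid). */
typedef int (*rdrand_src)(uint64_t *out);
#define RDRAND_RETRIES 10 /* retry budget, an assumption of this example */

/* Constructed stand-in for the demonstration microcode: value 4, CF cleared. */
int src_poc(uint64_t *out) { *out = 4; return 0; }
/* Constructed source whose output is stuck at 4 while it still reports success. */
int src_stuck(uint64_t *out) { *out = 4; return 1; }
/* Constructed healthy source: a counter-driven mixer, NOT a real RNG. */
int src_ok(uint64_t *out) {
    static uint64_t ctr;
    *out = (++ctr) * 0x9E3779B97F4A7C15ULL; /* odd multiplier: no consecutive repeats */
    return 1;
}

/* Unsafe consumer: ignores the carry flag, so it accepts the constant 4. */
uint64_t draw_unchecked(rdrand_src src) {
    uint64_t v = 0;
    (void)src(&v);
    return v;
}

/* Checked consumer: honours CF with bounded retries. 0 on success, -1 on failure. */
int draw_checked(rdrand_src src, uint64_t *out) {
    for (int i = 0; i < RDRAND_RETRIES; i++)
        if (src(out)) return 0;
    *out = 0; /* never hand back a value the source marked invalid */
    return -1;
}

/* Fill n words; return -1 if CF never sets, -2 if two consecutive words repeat. */
int fill_checked(rdrand_src src, uint64_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (draw_checked(src, &buf[i]) != 0) return -1;
        if (i > 0 && buf[i] == buf[i - 1]) return -2;
    }
    return 0;
}

int main(void) {
    uint64_t buf[4];
    /* Exit status 0 when all three sources are classified as described above. */
    return !(fill_checked(src_poc, buf, 4) == -1 &&
             fill_checked(src_stuck, buf, 4) == -2 &&
             fill_checked(src_ok, buf, 4) == 0);
}
```

A caller that receives -1 or -2 should treat the hardware source as unavailable and fail closed or fall back to another entropy source, rather than use the value.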

Affected Processors and Patches

According to AMD's report, the vulnerability affects AMD processors based on Zen microarchitecture generations 1-4. A microcode update addressing the vulnerability was released on December 13, 2024, for AMD EPYC 7001, 7002, and 7003 series processors (Naples, Rome, Milan, and Milan-X), and on December 16 for AMD EPYC 9004 series processors (Genoa, Genoa-X, and Bergamo/Siena). To fully mitigate the vulnerability on systems using SEV-SNP attestation, an additional AMD SEV firmware update is required, which is provided alongside BIOS updates from hardware manufacturers.

Additional Side-Channel Vulnerability

Another vulnerability in AMD processors has also been reported, allowing a side-channel attack to extract information about computations in guest systems protected by AMD SEV. This issue affects AMD EPYC processors from generations 1-4 and is related to the ability to extract data from the processor cache that accumulates during the operation of protected guest systems.

The Prime+Probe method can be used to analyze cache contents by filling the cache with a reference set of values and measuring access times to detect changes upon refilling. It is noted that mitigation techniques previously proposed for Spectre-class attacks can be effective in blocking this attack.

Jacob Enderson