AMD Releases Firmware Update to Address Security Vulnerability
/ 1 min read
🔒💻 AMD addresses critical vulnerability allowing malicious microcode execution. AMD has released firmware updates to mitigate a high-severity security flaw (CVE-2024-56161) that could enable attackers with local admin privileges to load harmful CPU microcode on unpatched devices. This vulnerability affects AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), which is designed to protect confidential workloads. To counter this threat, users must update their microcode and, in some cases, the SEV firmware, requiring a system BIOS update and reboot. Google security researchers discovered the flaw and provided a proof-of-concept exploit, highlighting the potential risks to confidential computing environments. AMD also received reports of cache-based side-channel attacks affecting various EPYC processors, urging developers to adopt best practices to mitigate these risks.
