AMD confirms Zen 5 silicon is also vulnerable to “EntrySign” BIOS microcode bug

In a nutshell: Google researchers recently disclosed a stealthy security flaw dubbed “EntrySign” that allowed malicious code execution through unsigned microcode patches on AMD processors from Zen 1 through Zen 4. Team Red just confirmed that its upcoming Zen 5 chips are also affected.

The core problem is a flaw in AMD’s signature verification for microcode updates – low-level patches chipmakers deploy after CPUs ship to fix bugs or security issues. Typically, the operating system or firmware loads only the microcode that AMD has signed and approved. EntrySign lets attackers with ring 0 (kernel-level) access bypass this safeguard on affected chips.

Last month, AMD said EntrySign had impacted the first four generations of Zen CPUs across their entire product line. Everything from mainstream Ryzen chips to beefy EPYC server processors was vulnerable.

Team Red updated its security bulletin this week, confirming that even new Zen 5 chips are vulnerable to the bug. Affected systems include:

Ryzen 9000 “Granite Ridge” CPUs
EPYC 9005 “Turin” server chips
AI-focused Ryzen AI 300 processors with Strix Halo, Strix Point, and Krackan Point
Ryzen 9000HX “Fire Range” laptop CPUs.

The good news is AMD has already delivered a fix to motherboard vendors via the ComboAM5PI 1.2.0.3c AGESA update. So, if you haven’t already done so, check your motherboard vendor’s website for a BIOS update.

The server situation is slightly more convoluted. While AMD has released mitigations for desktop and older EPYC chips affected by EntrySign, patches for the new EPYC Turin models vulnerable to the bug aren’t expected until later this month.

On the bright side, executing this hack requires higher-level system privileges. Unlike persistent malware, a system restart clears any malicious microcode loaded this way. While the practical risk for typical consumers is relatively low, the potential for abuse in data centers and cloud settings makes this a significant security concern that AMD and its partners are working quickly to contain.

Source link

Viewing art can boost wellbeing by giving meaning to life

Premier League money matters: the table that really counts in May | Premier League

Club World Cup teams facing tax threat in new blow to expanded tournament | Club World Cup

Behind the scenes as Birmingham City dream a dream of WSL | Birmingham City Women

Towards gene-targeting drugs capable of targeting brain diseases

Access Denied

AMD confirms Zen 5 silicon is also vulnerable to “EntrySign” BIOS microcode bug

Viewing art can boost wellbeing by giving meaning to life

Premier League money matters: the table that really counts in May | Premier League

Club World Cup teams facing tax threat in new blow to expanded tournament | Club World Cup

Behind the scenes as Birmingham City dream a dream of WSL | Birmingham City Women

Towards gene-targeting drugs capable of targeting brain diseases

Access Denied

Access Denied

Access Denied

Access Denied

Access Denied

Access Denied

Access Denied

3D-printed open-source robot offers accessible solution for materials synthesis

Kylian Mbappé’s legal team go on attack over ‘missing €55m’ dispute with PSG | Kylian Mbappé