AMD Microcode Vulnerability Allows Attackers to Load Malicious Patches

A critical vulnerability in AMD’s Zen 1 through Zen 4 processors allows attackers to bypass microcode signature validation, potentially undermining hardware-based security mechanisms.

The flaw stems from AMD’s use of AES-CMAC as a hash function during microcode patch verification – a design decision that enables collision attacks and forged RSA keys.

Vulnerability Rooted in Cryptographic MIS Implementation

AMD’s microcode update process relies on RSASSA-PKCS1-v1_5 signatures, where patch integrity is verified using AES-CMAC instead of standardized hash functions like SHA-256.

Unlike secure hashing algorithms, CMAC’s structure allows attackers with knowledge of the AES key to craft collisions by injecting compensating blocks1. Researchers demonstrated this by:

1. Extracting the Hardcoded AES-CMAC Key: The key (2b7e151628aed2a6abf7158809cf4f3c) matched NIST test vectors and remained consistent across Zen generations1.
2. Generating Forged RSA Public Keys: Using the formula: N=p×q×0x61×(compensating block)N = p \times q \times \text{0x61} \times \text{(compensating block)}N=p×q×0x61×(compensating block) Researchers created valid modulus values hashing to AMD’s expected CMAC output1.
3. Bypassing Montgomery Checks: The attack included calculating valid Montgomery parameters (N’) to satisfy: (N⋅N′)mod  22048=−1(N \cdot N’) \mod 2^{2048} = -1(N⋅N′)mod22048=−1 ensuring compatibility with AMD’s modular arithmetic implementation1.

Microcode Manipulation via Zentool Framework

The team released zentool, an open-source toolkit enabling custom microcode patches.

A proof-of-concept modified the RDRAND instruction to always return 4 using:

bash./zentool edit --match 0=@rdrand --seq 0=0x100002 --insn q0i0="mov.qs rax,rax,4"  

This injects micro-ops that override the RDRAND handler in patch RAM, demonstrating arbitrary code execution at the microarchitecture level.

Successful exploitation requires:

Requirement	Description
Ring 0 Access	Kernel privileges to write to MSR 0xc0010020
Persistent Execution	Non-persistent across reboots
CPU Targeting	Per-core patching via taskset/isolcpus

Industry Impact and Mitigation

AMD has released microcode updates replacing AES-CMAC with a secure hash function, coordinated with Secure Processor firmware to validate patches pre-boot.

While immediate risks are mitigated by the need for local privilege escalation, the discovery impacts:

• Confidential Computing: SEV-SNP attestation could be compromised by malicious microcode
• Supply Chain Security: Malicious OEMs could sideload tampered updates
• Research Limitations: Prior assumptions about hardware-rooted trust require re-evaluation

Security teams should prioritize applying AMD’s 2024 microcode patches.

Researchers plan to expand Zentool’s capabilities, mirroring earlier Intel microcode projects that enabled performance optimizations and security feature prototyping.

This breakthrough underscores the critical need for open validation of hardware security primitives – a challenge as vendors increasingly rely on opaque, firmware-based protections.

Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free