AMD CPUs Improper Signature Verification Vulnerability in Microcode Patch Loader Allowing Malicious Microcode Execution

A vulnerability exists in the AMD CPU ROM microcode patch loader due to improper signature verification. This issue may enable an attacker with local administrator privileges to load malicious microcode patches. The potential consequences include a loss of integrity in x86 instruction execution, compromised confidentiality and integrity of data within the x86 CPU privileged context, and a breach of the System Management Mode (SMM) execution environment.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of malicious microcode, disrupting x86 instruction integrity and compromising data confidentiality and integrity in privileged CPU contexts, along with the SMM execution environment.

Remediation

Users are advised to update to the latest Platform Initialization (PI) firmware versions available for their specific AMD processor series. Instructions for obtaining these updates can be found on the AMD Product Security Bulletin page.