‘You can now jailbreak your AMD CPU’ — Google researchers release kit to exploit microcode vulnerability in Ryzen Zen 1 to Zen 4 chips



A team of Google researchers working with AMD recently discovered a major CPU exploit on Zen-based processors. The exploit allows anyone with local admin privileges to write and push custom microcode updates to affected CPUs. The same Google team has released the kit, including instructions on how to write your own microcode. Anyone can now effectively jailbreak their own AMD CPUs.

The exploit affects all AMD CPUs using the Zen 1 to Zen 4 architectures. AMD released a BIOS patch plugging the exploit shortly after its discovery, but any of the above CPUs with a BIOS patch before 2024-12-17 will be vulnerable to the exploit. Though a malicious actor wishing to abuse this vulnerability needs an extremely high level of access to a system to exploit it, those concerned should update their or their organization’s systems to the most recent BIOS update.
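The rule of thumb above (Zen 1 to Zen 4, BIOS dated before 2024-12-17) can be turned into a fleet triage check. The following Go program is an added example, not code from the article, AMD or Google. It takes the text of /proc/cpuinfo and the SMBIOS date string from /sys/class/dmi/id/bios_date, and it assumes the usual AMD family numbering (family 23 for Zen, Zen+ and Zen 2; family 25 for Zen 3 and Zen 4), which the article does not state. A BIOS dated on or after the fix date only means the build is recent enough to possibly carry the fix; the board vendor's release notes are what confirm it.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
	"time"
)

// fixDate comes from the article: BIOS builds dated before it are treated as unpatched.
var fixDate = time.Date(2024, 12, 17, 0, 0, 0, 0, time.UTC)

// cpuinfoField returns the value of the first "key : value" line in /proc/cpuinfo text.
func cpuinfoField(cpuinfo, key string) string {
	sc := bufio.NewScanner(strings.NewReader(cpuinfo))
	for sc.Scan() {
		k, v, ok := strings.Cut(sc.Text(), ":")
		if ok && strings.TrimSpace(k) == key {
			return strings.TrimSpace(v)
		}
	}
	return ""
}

// isZen1to4 maps AMD CPU family numbers to the affected generations (an assumption of this
// example, not from the article): family 23 (0x17) is Zen, Zen+ and Zen 2; 25 (0x19) is Zen 3/4.
func isZen1to4(family int) bool { return family == 23 || family == 25 }

// parseDMIDate parses the SMBIOS "mm/dd/yyyy" form exposed at /sys/class/dmi/id/bios_date.
func parseDMIDate(s string) (time.Time, error) {
	return time.Parse("01/02/2006", strings.TrimSpace(s))
}

// EntrySignStatus classifies a host as not-affected, bios-predates-fix or bios-after-fix.
// "bios-after-fix" means the build is new enough to contain AMD's fix, not that it does.
func EntrySignStatus(cpuinfo, biosDate string) (string, error) {
	if cpuinfoField(cpuinfo, "vendor_id") != "AuthenticAMD" {
		return "not-affected", nil
	}
	family, err := strconv.Atoi(cpuinfoField(cpuinfo, "cpu family"))
	if err != nil {
		return "", fmt.Errorf("cpu family: %w", err)
	}
	if !isZen1to4(family) {
		return "not-affected", nil
	}
	d, err := parseDMIDate(biosDate)
	if err != nil {
		return "", fmt.Errorf("bios_date: %w", err)
	}
	if d.Before(fixDate) {
		return "bios-predates-fix", nil
	}
	return "bios-after-fix", nil
}

func main() {
	cpuinfo, err1 := os.ReadFile("/proc/cpuinfo")
	biosDate, err2 := os.ReadFile("/sys/class/dmi/id/bios_date") // may need root on some distros
	if err1 != nil || err2 != nil {
		fmt.Println("cannot read host data (Linux only):", err1, err2)
		return
	}
	status, err := EntrySignStatus(string(cpuinfo), string(biosDate))
	fmt.Println(status, err)
}
```

On a host the program reads the two files itself; the classification lives in EntrySignStatus so it can be run over inventory exports collected from many machines instead.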


The vulnerability is based on microcode, the low-level instructions determining how a CPU performs calculations. AMD and Intel have built their own custom RISC instruction sets (similar to alternative ISAs like RISC-V and ARM), which then internally contribute to a complex instruction set; in AMD and Intel’s case, x86. Both companies create their custom microcode specifically for their CPU architectures and have built-in systems to push microcode updates at runtime if a vulnerability is found later. The alternative would be hard-locking the microcode at fabrication, redesigning chips from the ground up, and issuing recalls if severe enough vulnerabilities were discovered.

The AMD vulnerability, named “EntrySign”, allows users to send custom microcode to any Zen 1 to Zen 4 CPU, changing how the processor runs and allowing users to do anything from accessing internal CPU buffers to strengthening or weakening security for VMs, and more. When the bug was first revealed, AMD’s bulletin focused on EPYC server-grade CPUs and how bad actors could strip the SEV-based protection from secure links between remote client PCs and a larger server. Now it is clear that the microcode exploit reaches many more CPUs than just EPYC, and that the possibilities extend far beyond simply making a secure link unsecured.

Google engineer Tavis Ormandy bullishly declares that the vulnerability allows anyone to “jailbreak your AMD CPU” in a post sharing his technical breakdown.

Microcode updates are double-checked against a series of strings and keys, signed by AMD, and confirmed against a public key hard-coded into the CPU itself. The EntrySign exploit works because AMD uses the AES-CMAC function (a message authentication code) as a cryptographic hash function. Using CMAC in this out-of-spec manner allowed Google’s researchers to reverse engineer the security keys that prevent end users from pushing unsigned microcode updates to the CPU (helped in no small part by AMD reusing a publicly accessible NIST example key as its security key).
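To see why a MAC cannot stand in for a hash once its key is known, here is an added example; it is not Google's or AMD's code and it does not model the real microcode update format. It implements AES-CMAC from scratch as specified in RFC 4493, keys it with the public NIST/RFC example key, models a vendor that signs a digest of an update body and a device that verifies the signature (Ed25519 stands in for the real signature scheme and the baked-in public key), and shows that with the MAC key public a second body with the same CMAC digest passes verification against the original signature, whereas the SHA-256 digest of that body does not. The names Digest, SignBody, VerifyBody and CollideCMAC are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Public AES-128 example key from NIST SP 800-38B / RFC 4493: a published test vector,
// so anyone can recompute CMAC tags under it.
var exampleKey, _ = hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c")

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// dbl is the RFC 4493 subkey step: shift the block left one bit, XOR 0x87 on carry-out.
func dbl(in []byte) []byte {
	out := make([]byte, 16)
	var carry byte
	for i := 15; i >= 0; i-- {
		out[i] = in[i]<<1 | carry
		carry = in[i] >> 7
	}
	if carry != 0 {
		out[15] ^= 0x87
	}
	return out
}

// AESCMAC computes AES-CMAC(key, msg) as specified in RFC 4493.
func AESCMAC(key, msg []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	l := make([]byte, 16)
	c.Encrypt(l, l) // L = AES_K(0^128)
	k1, k2 := dbl(l), dbl(dbl(l))
	n := (len(msg) + 15) / 16
	var last []byte
	if n > 0 && len(msg)%16 == 0 {
		last = xor(msg[(n-1)*16:], k1) // complete final block
	} else {
		if n == 0 {
			n = 1
		}
		last = make([]byte, 16) // partial or empty final block gets 10* padding
		last[copy(last, msg[(n-1)*16:])] = 0x80
		last = xor(last, k2)
	}
	x := make([]byte, 16) // CBC chaining value, starts at zero
	for i := 0; i < n-1; i++ {
		c.Encrypt(x, xor(x, msg[i*16:(i+1)*16]))
	}
	tag := make([]byte, 16)
	c.Encrypt(tag, xor(x, last))
	return tag
}

// CollideCMAC returns a message that differs from msg yet has the same AES-CMAC under a
// known key. It needs two complete blocks: block 1 is altered and block 2 is adjusted so
// the CBC chaining value after block 2 is unchanged; everything downstream then matches.
func CollideCMAC(key, msg []byte) []byte {
	if len(msg) < 32 || len(msg)%16 != 0 {
		panic("CollideCMAC: need at least two complete 16-byte blocks")
	}
	c, _ := aes.NewCipher(key) // key length already validated by AESCMAC callers
	forged := append([]byte(nil), msg...)
	forged[0] ^= 0x01 // any change to block 1
	c1, c1f := make([]byte, 16), make([]byte, 16)
	c.Encrypt(c1, msg[:16])
	c.Encrypt(c1f, forged[:16])
	copy(forged[16:32], xor(forged[16:32], xor(c1, c1f))) // m2' = m2 ^ c1 ^ c1'
	return forged
}

// Digest models the "hash" a vendor applies to an update body before signing it.
type Digest func([]byte) []byte

func CMACDigest(b []byte) []byte   { return AESCMAC(exampleKey, b) }
func SHA256Digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// SignBody and VerifyBody model signing digest(body) and checking it on the device.
func SignBody(priv ed25519.PrivateKey, d Digest, body []byte) []byte {
	return ed25519.Sign(priv, d(body))
}
func VerifyBody(pub ed25519.PublicKey, d Digest, body, sig []byte) bool {
	return ed25519.Verify(pub, d(body), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	body := bytes.Repeat([]byte("update-body-"), 4) // constructed 48-byte stand-in for a signed blob
	forged := CollideCMAC(exampleKey, body)
	fmt.Println("CMAC digest accepts forged body:   ", VerifyBody(pub, CMACDigest, forged, SignBody(priv, CMACDigest, body)))
	fmt.Println("SHA-256 digest accepts forged body:", VerifyBody(pub, SHA256Digest, forged, SignBody(priv, SHA256Digest, body)))
}
```

The point of the model is that the signature itself is never broken: the signer's private key stays secret throughout. The weakness is entirely in the digest step, where CMAC under a public key lets anyone build a second input with the same 128-bit tag, so the existing signature transfers to it. Replacing the digest with a collision-resistant hash such as SHA-256 removes that path, which is the property a signed-update design actually relies on.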

Google’s Bughunters security team published a full technical outline of the vulnerability and the path they took to exploit it on Google’s blog. Those with an unpatched AMD CPU from Zen 1 to Zen 4 can use Google’s toolkit to jailbreak the processor themselves and share their findings and use cases with the research team.

With the full details of the EntrySign vulnerability now public, caution should be exercised with AMD CPUs of uncertain origin. Buying any used/second-hand Ryzen chip from the Ryzen 7000 series or earlier now carries a non-zero risk of an unexpected payload of malicious microcode (h/t edzieba commenting on our previous coverage). However, this is seriously and extremely unlikely. Mysterious old Ryzen chips join mysterious flash drives in the list of things not to plug into your computer without protection.
