AMD confirms processor security flaws after Asus patch slips out early

News
By published

Recently-released Asus patch notes included a fix for a yet-unrevealed AMD flaw

AMD Ryzen 5 7600X processor
(Image credit: Future)
  • Asus mentioned an AMD microcode flaw in recent patch notes
  • The flaw was not yet publicized by the processor manufacturer
  • AMD has since confirmed the news

AMD has seemingly confirmed the existence of a microcode vulnerability which apparently spilled, unintentionally, from PC maker Asus.

Security researcher Tavis Ormandy recently spotted a BETA bios fix for a “microcode signature verification vulnerability” apparently plaguing Asus’ gaming motherboards, being mentioned in the company’s release notes.

This was quite strange, since at the time AMD had made no mention of any such vulnerability.

Confirmation from AMD

"It looks like an OEM leaked the patch for a major upcoming CPU vulnerability, ie: 'AMD Microcode Signature Verification Vulnerability,'" Ormandy said. "I'm not thrilled about this. The patch is not currently in linux-firmware, so this is the only publicly available patch."

Microcode can be described as a set of small instructions stored inside a processor that tells it how to do specific tasks. It works behind the scenes to help the processor understand and carry out more complicated commands.

After the community started asking questions, Asus edited the notes to remove mentioning AMD’s microcode issue. In the meantime, the chipmaker told The Register that Asus’ information was correct:

"AMD is aware of a newly reported processor vulnerability. Execution of the attack requires both local administrator level access to the system, and development and execution of malicious microcode," it said.

The company also suggested abusing the bug requires the victims being tricked into action.

"AMD has provided mitigations and is actively working with its partners and customers to deploy those mitigations,” it added. “AMD recommends customers continue to follow industry-standard security practices and only work with trusted suppliers when installing new code on their systems. AMD plans to issue a security bulletin soon with additional guidance and mitigation options."

At press time, there was no information about the processor models affected by this vulnerability.

Via The Register

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
AMD logo
AMD patches high severity security flaw affecting Zen chips
Security
Intel slams Nvidia and AMD, claims chip giants have huge numbers of security flaws
MediaTek
MediaTek reveals host of security vulnerabilities, so patch now
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
New UEFI Secure Boot flaw exposes systems to bootkits
Latest in Security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Oracle
Oracle denies data breach after hacker claims to hold six million records
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Latest in News
A phone showing a ChatGPT app error message
ChatGPT is down for many – here's what's going on
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
A woman sitting in a chair looking at a Windows 11 laptop
It looks like Microsoft might have thought better about banishing Copilot AI shortcut from Windows 11
US flags
US government IT contracts set to be centralized in new Trump order
Tesla Roadster 2
Tesla is still taking deposits on its long overdue Roadster, despite promising it would arrive in 2020
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
More about security
hacker.jpeg

Key trusted Microsoft platform exploited to enable malware, experts warn
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol

Coinbase targeted after recent Github attacks
Closing the cybersecurity skills gap

How CISOs can meet the demands of new privacy regulations
See more latest