Critical Vulnerability Found in AMD Processors: Attackers Can Inject Malicious Microcode to Disrupt CPU Operation!

A serious vulnerability discovered in AMD processors by Google researchers has created a stir in the cybersecurity world. This vulnerability may allow attackers to load malicious microcode directly into AMD processors, potentially compromising their operation.

The vulnerability has been assigned the identifier CVE-2024-36347 and received a CVSS severity score of 6.4 (medium risk level).

The root cause of the issue lies in a flaw in the signature verification algorithm used during microcode loading in AMD processors. In other words, if an attacker gains administrator privileges on a system, they may upload unauthorized or malicious microcode patches to the processor.

As stated in AMD’s official security bulletin:

“This vulnerability may allow an attacker with administrative privileges to load unauthorized CPU microcode patches.”

Google researchers demonstrated not only the ability to load unsigned microcode but also managed to bypass authentication by forging a fake signature.

Potential Impact of the Vulnerability:

Violating the integrity of CPU instruction execution;
Stealing confidential and protected information;
Fully compromising the CPU’s System Management Mode (SMM) environment;
Gaining complete control over the affected system.

Conditions Required to Exploit the Vulnerability:

Administrator-level privileges on the target system;
Ability to abuse the microcode signature verification flaw.

AMD’s Mitigation Plan:

AMD is preparing Platform Initialization (PI) firmware updates to patch this vulnerability.

Planned Release Dates for Updates:

EPYC Naples, Rome, Milan — December 13, 2024
EPYC Genoa — December 16, 2024
EPYC Turin — March 4, 2025
Ryzen and other processors — Starting from January 2025

After installing the update, any attempt to load unauthorized microcode on systems with outdated BIOS versions will trigger a #GP (General Protection) fault.

As of now, there have been no publicly known incidents of this vulnerability being exploited in real-world attacks.

However, Google’s successful bypass of AMD’s signature verification mechanism serves as a serious warning signal for the security architecture of modern processors.

Recommendations for Users and Organizations:

Monitor firmware updates from your processor manufacturer closely;
Apply security updates as soon as they become available;
Strengthen your system’s security measures.

In today’s cybersecurity landscape, timely updates and proactive security measures remain the only reliable guarantee of protection!

Computer Emergency
Response Team

Computer Emergency
Response Team

Critical Vulnerability Found in AMD Processors: Attackers Can Inject Malicious Microcode to Disrupt CPU Operation!

Potential Impact of the Vulnerability:

Conditions Required to Exploit the Vulnerability:

AMD’s Mitigation Plan:

Planned Release Dates for Updates:

Recommendations for Users and Organizations:

Potential Impact of the Vulnerability:

Conditions Required to Exploit the Vulnerability:

AMD’s Mitigation Plan:

Planned Release Dates for Updates:

Recommendations for Users and Organizations:

🔐 “Power Parasites” Phishing Attacks Targeting Energy Companies and Major Brands

🔐 New Vulnerabilities Rapidly Exploited: 159 CVE Vulnerabilities Used in Active Attacks in First Three Months of 2025

🔐 Critical Vulnerability Discovered in Commvault Command Center: Full System Takeover Possible via Remote Management