AMD confirms Zen 5 silicon is also vulnerable to "EntrySign" BIOS microcode bug

zohaibahd

zohaibahd

Posts: 976   +19
Staff
In a nutshell: Google researchers recently disclosed a stealthy security flaw dubbed "EntrySign" that allowed malicious code execution through unsigned microcode patches on AMD processors from Zen 1 through Zen 4. Team Red just confirmed that its upcoming Zen 5 chips are also affected.

The core problem is a flaw in AMD's signature verification for microcode updates – low-level patches chipmakers deploy after CPUs ship to fix bugs or security issues. Typically, the operating system or firmware loads only the microcode that AMD has signed and approved. EntrySign lets attackers with ring 0 (kernel-level) access bypass this safeguard on affected chips.

Last month, AMD said EntrySign had impacted the first four generations of Zen CPUs across their entire product line. Everything from mainstream Ryzen chips to beefy EPYC server processors was vulnerable.

Team Red updated its security bulletin this week, confirming that even new Zen 5 chips are vulnerable to the bug. Affected systems include:

  • Ryzen 9000 "Granite Ridge" CPUs
  • EPYC 9005 "Turin" server chips
  • AI-focused Ryzen AI 300 processors with Strix Halo, Strix Point, and Krackan Point
  • Ryzen 9000HX "Fire Range" laptop CPUs.

The good news is AMD has already delivered a fix to motherboard vendors via the ComboAM5PI 1.2.0.3c AGESA update. So, if you haven't already done so, check your motherboard vendor's website for a BIOS update.

The server situation is slightly more convoluted. While AMD has released mitigations for desktop and older EPYC chips affected by EntrySign, patches for the new EPYC Turin models vulnerable to the bug aren't expected until later this month.

On the bright side, executing this hack requires higher-level system privileges. Unlike persistent malware, a system restart clears any malicious microcode loaded this way. While the practical risk for typical consumers is relatively low, the potential for abuse in data centers and cloud settings makes this a significant security concern that AMD and its partners are working quickly to contain.

Permalink to story:

AMD confirms Zen 5 silicon is also vulnerable to "EntrySign" BIOS microcode bug

 
Maybe it's just me, but it seems like just about every new CPU generation released over the last decade or so has a bunch of microcode vulnerabilities upon release that are later patched, but often the fix reduces performance.

I don't remember CPU microcode vulnerabilities being so prevalent in the news before the huge Meltdown/Spector vulnerability surfaced several generations ago. Was it that much less of an issue before Meltdown/Spector, or was the news just not covering it?

Total speculation from a layman, but the skeptical conspiracy theorist part of me speculates that maybe they are knowingly/carelessly releasing CPUs with microcode vulnerabilities to improve performance when the product launches for better initial reviews, and then later patching it and hurting performance.

I'm sure microcode issues have always been a thing, but why do they seem so prevalent now?
 
Wonder when there will be firmware updates for their Threadripper line... my Asus Sage TRX50 is still at 803 from several months ago - no new update yet...
 
Phylop said:
Maybe it's just me, but it seems like just about every new CPU generation released over the last decade or so has a bunch of microcode vulnerabilities upon release that are later patched, but often the fix reduces performance.

I don't remember CPU microcode vulnerabilities being so prevalent in the news before the huge Meltdown/Spector vulnerability surfaced several generations ago. Was it that much less of an issue before Meltdown/Spector, or was the news just not covering it?

Total speculation from a layman, but the skeptical conspiracy theorist part of me speculates that maybe they are knowingly/carelessly releasing CPUs with microcode vulnerabilities to improve performance when the product launches for better initial reviews, and then later patching it and hurting performance.

I'm sure microcode issues have always been a thing, but why do they seem so prevalent now?
Click to expand...
Mostly increased complexity and security/performance tradeoffs. Customers buy for performance and compute efficiency. A more detailed explanation below.

Microcode has been used extensively in CISC cpus (amd, intel) for decades. It allows the reconfiguration of components within the CPU that form part of the instruction handling units. With CPUs support increasingly complex instructions, think for example avx512, increasingly complex microcode is being used to implement these.
The microcode subroutines are called by the instructions that your program is compiled to, and are directly affecting cpu performance. So a lot of effort goes into performance optimization of the micro code. Input check and verification logic, which often is used on higher level software prevent vulnerabilities, but takes time to execute.
The other cpu paradigm, RISC (ARM, risc5 and many micro controllers) rely on simple hard wired instructions, I.e. the individual instructions themselves are wired using digital logic (hardware). These can not be reconfigured, hence better security on that level. However, the use software is compiled into substanitally more simple instructions. Leaving the risk for low level vulnerabilities there.
 
  • Like
Reactions: Cal Jeffrey, kiwigraeme, Phylop and 1 other person
Phylop said:
Maybe it's just me, but it seems like just about every new CPU generation released over the last decade or so has a bunch of microcode vulnerabilities upon release that are later patched, but often the fix reduces performance.

I don't remember CPU microcode vulnerabilities being so prevalent in the news before the huge Meltdown/Spector vulnerability surfaced several generations ago. Was it that much less of an issue before Meltdown/Spector, or was the news just not covering it?

Total speculation from a layman, but the skeptical conspiracy theorist part of me speculates that maybe they are knowingly/carelessly releasing CPUs with microcode vulnerabilities to improve performance when the product launches for better initial reviews, and then later patching it and hurting performance.

I'm sure microcode issues have always been a thing, but why do they seem so prevalent now?
Click to expand...


subnex answer it very well, I think as well security was probably not even much an issue or build into early CPUs.
More tools/resources , more connected stuff etc
On my parents house when we grew up , not only did we not lock our front door ( or car ) and front door had no lock , not even an internal one!!
 
Not worried. Requires local admin privileges. If an intruder has that there are far worse things they can get up to.
 
subnex said:
Mostly increased complexity and security/performance tradeoffs. Customers buy for performance and compute efficiency. A more detailed explanation below.

Microcode has been used extensively in CISC cpus (amd, intel) for decades. It allows the reconfiguration of components within the CPU that form part of the instruction handling units. With CPUs support increasingly complex instructions, think for example avx512, increasingly complex microcode is being used to implement these.
The microcode subroutines are called by the instructions that your program is compiled to, and are directly affecting cpu performance. So a lot of effort goes into performance optimization of the micro code. Input check and verification logic, which often is used on higher level software prevent vulnerabilities, but takes time to execute.
The other cpu paradigm, RISC (ARM, risc5 and many micro controllers) rely on simple hard wired instructions, I.e. the individual instructions themselves are wired using digital logic (hardware). These can not be reconfigured, hence better security on that level. However, the use software is compiled into substanitally more simple instructions. Leaving the risk for low level vulnerabilities there.
Click to expand...
Or did hackers/researchers not think to look there until more recently? Browsers used to seem more secure back in the day, too, but were they? Or was it just that hackers hadn't gotten around to it? Is it that microcode flaws are new, or is it just that those looking for them chose the easier things to look at first? If I'm a burglar, I might start out only robbing houses with unlocked doors because that is the easiest point of entry. But when people start locking their doors, I might start trying the windows, then crawl spaces, etc.
 
Phylop said:
Maybe it's just me, but it seems like just about every new CPU generation released over the last decade or so has a bunch of microcode vulnerabilities upon release that are later patched, but often the fix reduces performance.

I don't remember CPU microcode vulnerabilities being so prevalent in the news before the huge Meltdown/Spector vulnerability surfaced several generations ago. Was it that much less of an issue before Meltdown/Spector, or was the news just not covering it?

Total speculation from a layman, but the skeptical conspiracy theorist part of me speculates that maybe they are knowingly/carelessly releasing CPUs with microcode vulnerabilities to improve performance when the product launches for better initial reviews, and then later patching it and hurting performance.

I'm sure microcode issues have always been a thing, but why do they seem so prevalent now?
Click to expand...
In entire my life with AMD CPU I never ever has been hacked but I saw tons of PCs with Intel CPUs suiffering from vulnerable
 
SAYEDMOHD said:
In entire my life with AMD CPU I never ever has been hacked but I saw tons of PCs with Intel CPUs suiffering from vulnerable
Click to expand...

Sorry, but your basis for that claim is just nonsense. Intel wasn't the only one susceptible to the early microcode style exploits. The main reason is that AMD has never held a significant enough portion of the market share.
 
  • Like
Reactions: Loadedaxe
Phylop said:
Maybe it's just me, but it seems like just about every new CPU generation released over the last decade or so has a bunch of microcode vulnerabilities upon release that are later patched, but often the fix reduces performance.

I don't remember CPU microcode vulnerabilities being so prevalent in the news before the huge Meltdown/Spector vulnerability surfaced several generations ago. Was it that much less of an issue before Meltdown/Spector, or was the news just not covering it?

Total speculation from a layman, but the skeptical conspiracy theorist part of me speculates that maybe they are knowingly/carelessly releasing CPUs with microcode vulnerabilities to improve performance when the product launches for better initial reviews, and then later patching it and hurting performance.

I'm sure microcode issues have always been a thing, but why do they seem so prevalent now?
Click to expand...

More and more people having access to computers is the answer, really. They have always been around, but the issue is simply the pervasiveness of computing devices now. And the reason they come out with these vulnerabilities is because no one knows about them, not even the manufacturers. There are entire tech firms dedicated to finding vulnerabilities in software and hardware, and things even go unnoticed by them sometimes.

The problem is, no amount of patching will ever resolve the issue. There are always more vulnerabilities, and there will never not be. It's unavoidable. Anything that can be made came be exploited, pure and simple.
 
You must log in or register to reply here.

Similar threads

D
Critical vulnerability in AMD Zen 5 CPUs could make encryption keys predictable
Replies
5
Views
154
arrowflash
A
midian182
AMD roadmap confirms Zen 6 launch window and process node, teases Zen 7
Replies
6
Views
196
trieste1s
T
Daniel Sims
Intel confirms "Nova Lake" Core Ultra 400 CPUs are coming in late 2026
Replies
17
Views
244
umeng2002
umeng2002

Latest posts

Back