Vulnerability cyber

AMD

Mar 7, 2025 1 min read
AMD

Researchers discovered a critical vulnerability in AMD's Zen CPUs, termed 'EntrySign,' which allows attackers with high privileges to install malicious microcode by exploiting the AES-CMAC algorithm's flaw used in validation processes. This vulnerability affects AMD Zen architecture CPUs from versions 1 to 4, enabling attackers to bypass cryptographic checks and potentially gain persistent access to manipulate the processors' instruction set. The impact of such an attack could be especially severe if the compromised CPUs are used in cloud services and AI infrastructures, posing risks to data integrity, system reliability, and the security posture of affected entities.

Source: https://cybersecuritynews.com/amd-microcode-signature-verification-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/AMD

"id": "amd658030725",
"linkid": "AMD",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'AMD',
                        'type': 'Company'}],
 'attack_vector': 'High Privilege Attack',
 'description': "Researchers discovered a critical vulnerability in AMD's Zen "
                "CPUs, termed 'EntrySign,' which allows attackers with high "
                'privileges to install malicious microcode by exploiting the '
                "AES-CMAC algorithm's flaw used in validation processes. This "
                'vulnerability affects AMD Zen architecture CPUs from versions '
                '1 to 4, enabling attackers to bypass cryptographic checks and '
                'potentially gain persistent access to manipulate the '
                "processors' instruction set. The impact of such an attack "
                'could be especially severe if the compromised CPUs are used '
                'in cloud services and AI infrastructures, posing risks to '
                'data integrity, system reliability, and the security posture '
                'of affected entities.',
 'impact': {'operational_impact': ['Data integrity',
                                   'System reliability',
                                   'Security posture'],
            'systems_affected': ['AMD Zen architecture CPUs from versions 1 to '
                                 '4']},
 'title': 'EntrySign Vulnerability in AMD Zen CPUs',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'AES-CMAC algorithm flaw'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.