This flaw could allow someone with local administrator rights to load malicious microcode patches, putting secure computing environments at risk.

Researchers found that the problem comes from using an insecure hash function during the signature check for microcode updates on Zen 1 through Zen 4 chips.

This weakness lets an attacker create any patch they want—for example, the team made one that makes the chip always return the number four when asked for a random value.

This issue not only opens the door for both helpful and harmful modifications of AMD chips but also threatens the security systems behind AMD Secure Encrypted Virtualization (SEV-SNP) and Dynamic Root of Trust Measurement.

The vulnerability is classified as HIGH risk, with the official disclosure stating: "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP."

The timeline shows careful coordination between Google and AMD. Google first reported the problem on 25 September 2024, and AMD provided an embargoed fix to its customers on 17 December 2024.

Further details and tools are promised for release on 5 March 2025.