AMD confirms processor security flaws after Asus patch slips out early

Asus mentioned an AMD microcode flaw in recent patch notes
The flaw was not yet publicized by the processor manufacturer
AMD has since confirmed the news

AMD has seemingly confirmed the existence of a microcode vulnerability which apparently spilled, unintentionally, from PC maker Asus.

Security researcher Tavis Ormandy recently spotted a BETA bios fix for a “microcode signature verification vulnerability” apparently plaguing Asus’ gaming motherboards, being mentioned in the company’s release notes.

This was quite strange, since at the time AMD had made no mention of any such vulnerability.

Confirmation from AMD

“It looks like an OEM leaked the patch for a major upcoming CPU vulnerability, ie: ‘AMD Microcode Signature Verification Vulnerability,'” Ormandy said. “I’m not thrilled about this. The patch is not currently in linux-firmware, so this is the only publicly available patch.”

Microcode can be described as a set of small instructions stored inside a processor that tells it how to do specific tasks. It works behind the scenes to help the processor understand and carry out more complicated commands.

After the community started asking questions, Asus edited the notes to remove mentioning AMD’s microcode issue. In the meantime, the chipmaker told The Register that Asus’ information was correct:

“AMD is aware of a newly reported processor vulnerability. Execution of the attack requires both local administrator level access to the system, and development and execution of malicious microcode,” it said.

The company also suggested abusing the bug requires the victims being tricked into action.

“AMD has provided mitigations and is actively working with its partners and customers to deploy those mitigations,” it added. “AMD recommends customers continue to follow industry-standard security practices and only work with trusted suppliers when installing new code on their systems. AMD plans to issue a security bulletin soon with additional guidance and mitigation options.”

At press time, there was no information about the processor models affected by this vulnerability.

Via The Register

Services Marketplace – Listings, Bookings & Reviews

Entertainment blogs & Forums

The 46 Best Shows on Max (aka HBO Max) Right Now (January 2025)

LinkedIn may snoop on your private messages to train AI

Believe it or not, Doom: The Dark Ages returns to the series’ PC roots

Nvidia’s DLSS 4 just came to your old GPU — here’s what you can use

The 46 Best Shows on Max (aka HBO Max) Right Now (January 2025)

The Science Fiction and Fantasy Books You Can’t Afford to Miss in September!

Send a newsletter? This $100 list-building tool is just $12 right now.

There’s officially a snake named after Salazar Slytherin now

The 46 Best Shows on Max (aka HBO Max) Right Now (January 2025)

LinkedIn may snoop on your private messages to train AI

Believe it or not, Doom: The Dark Ages returns to the series’ PC roots

Nvidia’s DLSS 4 just came to your old GPU — here’s what you can use

AMD confirms processor security flaws after Asus patch slips out early

Bydls

Confirmation from AMD

You might also like

Related Post

The 46 Best Shows on Max (aka HBO Max) Right Now (January 2025)

LinkedIn may snoop on your private messages to train AI

Believe it or not, Doom: The Dark Ages returns to the series’ PC roots

Leave a Reply Cancel reply

You missed

The 46 Best Shows on Max (aka HBO Max) Right Now (January 2025)

LinkedIn may snoop on your private messages to train AI

Believe it or not, Doom: The Dark Ages returns to the series’ PC roots

Nvidia’s DLSS 4 just came to your old GPU — here’s what you can use