AMD has confirmed that its upcoming Zen 5 processors are vulnerable to the “EntrySign” security flaw, a stealthy bug that allows malicious code execution via unsigned microcode patches.
The EntrySign flaw resides in AMD’s signature verification process for microcode updates, which are low-level patches chipmakers deploy after CPUs ship to fix bugs or security issues. Typically, the operating system or firmware loads only the microcode that AMD has signed and approved. However, EntrySign lets attackers with ring 0 (kernel-level) access bypass this safeguard on affected chips.
Affected Zen 5 processors include Ryzen 9000 “Granite Ridge” CPUs, EPYC 9005 “Turin” server chips, AI-focused Ryzen AI 300 processors with Strix Halo, Strix Point, and Krackan Point, and Ryzen 9000HX “Fire Range” laptop CPUs. Notably, the EntrySign vulnerability affects AMD processors from Zen 1 through Zen 5, impacting a broad range of products from mainstream Ryzen chips to beefy EPYC server processors.
AMD has released a fix for desktop and older EPYC chips through the ComboAM5PI 1.2.0.3c AGESA update, which motherboard vendors are incorporating into BIOS updates. Users are advised to check their motherboard vendor’s website for a BIOS update to mitigate the issue. However, patches for the new EPYC Turin server processors are expected later this month, indicating a slightly more complex server situation.
While exploiting the EntrySign flaw requires higher-level system privileges, which mitigates the risk for typical users, the potential for abuse in data centers and cloud environments remains a significant concern. Fortunately, a system restart removes any malicious microcode that was loaded, providing some relief. AMD and its partners are working quickly to contain the issue, driven by the potential risks in critical infrastructure.
