Apparently there’s a major #vulnerability in #AMD CPUs: “AMD Microcode Signature Verification Vulnerability.”
The vulnerability was leaked by #ASUS in their beta BIOS changelog:
ASUS has since removed this entry from the changelog since it likely broke the embargo. Either way, this is not great as the new firmware is largely not yet available and likely won’t be for a long while.
#infosec #cybersecurity
So what could you do if the microcode signature verification can be bypassed? While not directly applicable, this #defcon presentation “DEF CON 31 - Backdoor in the Core - Altering Intel x86 Instruction Set at Runtime - Krog, Skovsende” gives some ideas: https://www.youtube.com/watch?v=Zda7yMbbW7s
@harrysintonen@infosec.exchange hadn’t seen that, but I had seen that “PeCoffLoader memory overflow issue for security” which sounded oddly suspicious
@gabrielesvelto Yeah, information for that vulnerability is non-existent as well. In all the vulnerability management doesn’t seem to be going great here.
Update: The “PeCoffLoader memory overflow issue for security” likely is CVE-2024-38796: https://nvd.nist.gov/vuln/detail/cve-2024-38796
