AMD: Microcode Signature Verification Vulnerability · Advisory · google/security-research · GitHub

A vulnerability in AMD Zen-based CPUs allows attackers with local administrator privileges to load malicious microcode patches. The vulnerability, discovered by Google Security Team, affects Zen 1 through Zen 4 CPUs and could compromise confidential computing workloads. AMD released a fix on December 17, 2024, and a public disclosure was made on February 3, 2025.