CPU, APU & Chipsets AMD confirms security vulnerability in every Zen 1 to Zen 5 processor

[Kaz]

 

  Quote

 

TL;DR: AMD has identified a security flaw, "EntrySign," affecting Zen 1 to Zen 5 CPUs, allowing attackers kernel-level access by bypassing microcode signature verification. A fix has been issued via the ComboAM5PI 1.2.0.3c AGESA update. The risk to general consumers is low, but updates are recommended.

 

AMD has confirmed a flaw within its signature verification for microcode updates within Zen 1 to Zen 5 CPUs. This security flaw has been dubbed "EntrySign" and enables attackers to gain kernel-level access.

 

Last month, AMD confirmed the flaw impacts the first four generations of its Zen CPUs, which include everything from desktop processors to the company's server-based EPYC chips. Now, AMD has confirmed its latest Zen 5 generation is also affected by this security flaw. The crux of the problem can be traced back to AMD's signature verification for microcode updates, which are critical updates AMD rolls out to fix any bugs, improve the stability of the chip, optimize performance, or provide security fixes to vulnerabilities.

 

The typical order of process is that an operating system or firmware loads the microcode that AMD has signed off on as secure and safe by running it through its verification process, but EntrySign is a vulnerability that enables attackers with ring 0 or kernel-level access to bypass safeguards. What is reassuring is that AMD has already rolled out a fix for the vulnerability to motherboard vendors via the ComboAM5PI 1.2.0.3c AGESA update.

 

Expand  

https://www.tweaktown.com/news/104554/amd-confirms-security-vulnerability-in-every-zen-1-to-5-processor/index.html

 

Requires system admin to facilitate.  If someone has system admin the system is already compromised but this might allow for long term persistence.  Just another reason to stay on top of updates.

 

[Sir Beregond]

  On 11/04/2025 at 17:54, Kaz said:

 

https://www.tweaktown.com/news/104554/amd-confirms-security-vulnerability-in-every-zen-1-to-5-processor/index.html

 

Requires system admin to facilitate.  If someone has system admin the system is already compromised but this might allow for long term persistence.  Just another reason to stay on top of updates.

Expand  

But the later AGESA updates lower the max voltage I can set. 

 

Honestly probably for the best. I should probably update. Been on the same 3801 BIOS for my X570 Dark Hero since 2022. Then again, I'll probably forget about this and stay on 3801. Lot of people hate the newer BIOS's for this board.

Edited April 11 by Sir Beregond