How was the EntrySign vulnerability discovered?

Researchers at Google discovered the weakness in AMD's signature verification process, which allowed them to craft forged signatures for arbitrary or potentially malicious microcode.

What are the exploitation requirements for the EntrySign vulnerability?

Exploitation of this vulnerability requires kernel-level (ring 0) privileges, which limits the attack surface in consumer environments.

Which AMD processors are affected by the EntrySign vulnerability?

The vulnerability impacts Zen 5-based microprocessors across all product lines, including: Granite Ridge (Desktop Ryzen 9000 series), Turin (EPYC 9005 family), Strix Point, Krackan Point, and Strix Halo.

What is AMD's solution for the EntrySign vulnerability?

AMD distributed the updated firmware AGESA 1.2.0.3C to motherboard vendors to address the vulnerability.

How can users protect their systems from the EntrySign vulnerability?

Users are advised to check their motherboard manufacturer's website regularly for BIOS updates that specifically mention AGESA 1.2.0.3C firmware. So far, MSI has released BIOS updates incorporating AGESA 1.2.0.3C for some of its 800-series motherboards.

Advisory

AMD releases patches for critical Zen 5 microcode flaw

Q: What is the EntrySign vulnerability affecting AMD processors?

EntrySign (CVE-2024-36347) is a security vulnerability in AMD's Zen 5 processors that allows unsigned and potentially malicious microcode to be executed on affected CPUs due to weaknesses in AMD's signature verification process. The flaw stems from AMD's signature verification process, which utilized a weak hashing algorithm (AES-CMAC).

Q: How severe is the EntrySign vulnerability?

The vulnerability is tracked as CVE-2024-36347 with a CVSS score varying from 6.4 to 9.8 on various sources, indicating a potentially critical security issue.

Q: Do malicious microcodes persist after system restart?

No, hot-loaded microcodes don't persist across reboots. The microcode resets to factory settings after system restart unless modified during the boot process by the BIOS or operating system.

Q: Are there any Zen 5 processors without available mitigation?

Yes, Fire Range (Ryzen 9000HX) processors are currently the only Zen 5 chips without available mitigation.

published: April 25, 2025

Take action: If you are running Zen 5-based microprocessors in your systems, check for firmware update from your vendor, and apply it. It's not a panic mode patch since exploit requires physical access to the system, but it's still smart to patch it. Because everyone leaves their equipment somewhere.

Learn More

AMD has released patches for a security vulnerability in its Zen 5 processors that allows unsigned and potentially malicious microcode to be executed on affected CPUs due to weaknesses in AMD's signature verification process.

The flaw is tracked as CVE-2024-36347 (CVSS score varying from 6.4 to 9.8 on various sources) is called EntrySign flaw and stems from AMD's signature verification process, which utilized a weak hashing algorithm (AES-CMAC). This weakness enabled researchers at Google to craft forged signatures for arbitrary or potentially malicious microcode. Exploitation of this vulnerability requires kernel-level (ring 0) privileges, limiting the attack surface in consumer environments.

It's important to note that hot-loaded microcodes don't persist across reboots. The microcode resets to factory settings after system restart unless modified during the boot process by the BIOS or operating system.

The vulnerability impacts Zen 5-based microprocessors across all product lines, including:

Granite Ridge (Desktop Ryzen 9000 series)
Turin (EPYC 9005 family)
Strix Point
Krackan Point
Strix Halo

Fire Range (Ryzen 9000HX) processors are currently the only Zen 5 chips without available mitigation.

AMD distributed the updated firmware AGESA 1.2.0.3C to motherboard vendors late last month. Due to the time required for partners to integrate and validate new firmware for each specific motherboard model, the rollout is happening gradually. So far, MSI has released BIOS updates incorporating AGESA 1.2.0.3C for some of its 800-series motherboards.

Users are advised to check their motherboard manufacturer's website regularly for BIOS updates that specifically mention AGESA 1.2.0.3C firmware.

AMD releases patches for critical Zen 5 microcode flaw