The recent findings by the Google Bug Hunters team have brought to light a critical flaw in the microcode signature validation process for AMD Zen processors. This vulnerability, which was exposed in February 2025, underscores the potential risks associated with AMD’s approach to patching hardware-level bugs through microcode updates rather than physical replacements.
In modern x86 CPUs, the microcode engine plays a crucial role in executing complex instructions by combining high-level x86 instructions with low-level operations executed by a RISC engine. Both Intel and AMD design their own microcode engines to enhance the CPU’s functionality and handle advanced features that may be too complex to implement directly in hardware.
Traditionally, fixing hardware flaws in CPUs required costly redesigns and manufacturing of new components. To address this issue, AMD and Intel introduced microcode updates, allowing for the patching of hardware issues through software updates. AMD has implemented this system since the K8 architecture in 2003, enabling the company to address performance, security, and stability issues through BIOS or operating system updates.
The application of microcode patches on AMD Zen processors involves a four-step process: authorship, authentication, delivery, and verification/installation. AMD generates a microcode patch that includes metadata, an RSA public key modulus, and encrypted micro-operations. This patch is signed using AMD’s private key and verified against a hardcoded public key in the processor to ensure authenticity before being distributed and installed on the CPU.
Despite the robust cryptographic protections in place, a critical flaw in the microcode signature validation process was identified. The vulnerability stems from AMD’s use of AES-CMAC instead of a secure hash function like SHA-256 in the RSASSA-PKCS1-v1_5 signature algorithm. This design flaw allows attackers to forge valid microcode patches by manipulating the hashing process, potentially leading to the injection of malicious code into the CPU without detection.
Researchers from the Google Bug Hunters team discovered that older AMD Zen CPUs used a public key known from NIST SP 800-38B, enabling them to create colliding RSA public keys and bypass the CPU’s verification process. While exploiting this vulnerability is complex, the implications could be severe, allowing attackers to compromise security features and install malicious firmware undetected.
In conclusion, the AMD Zen processor vulnerability highlights the importance of robust cryptographic practices in securing modern processors. This flaw serves as a reminder that even established systems can harbor vulnerabilities, underscoring the need for standardized security measures to prevent exploitation and ensure the integrity of hardware systems.