AMD confirms Zen 5 silicon is also vulnerable to "EntrySign" BIOS microcode bug

Serving tech enthusiasts for over 25 years.TechSpot means tech analysis and advice you can trust In a nutshell: Google researchers recently disclosed a stealthy security flaw dubbed "EntrySign" that allowed malicious code execution through unsigned microcode patches on AMD processors from Zen 1 through Zen 4. Team Red just confirmed that its upcoming Zen 5 chips are also affected. The core problem is a flaw in AMD's signature verification for microcode updates – low-level patches chipmakers deploy after CPUs ship to fix bugs or security issues. Typically, the operating system or firmware loads only the microcode that AMD has signed and approved. EntrySign lets attackers with ring 0 (kernel-level) access bypass this safeguard on affected chips. Last month, AMD said EntrySign had impacted the first four generations of Zen CPUs across their entire product line. Everything from mainstream Ryzen chips to beefy EPYC server processors was vulnerable. Team Red updated its security bulletin ... Read full article.