Do Son 
Google’s security team has uncovered a critical vulnerability in the microcode of AMD processors, designated as EntrySign (ID: AMD-SB-7033). This flaw affects the entire Zen processor lineup—from the original Zen 1 to the latest Zen 5—including both consumer-grade and enterprise-class CPUs. The vulnerability enables users with kernel-level privileges (ring 0) to load unsigned microcode updates, potentially allowing arbitrary code execution within the processor itself.
At the heart of the issue lies a flawed implementation of digital signature verification during microcode loading. While modern processors are shipped with immutable microcode embedded in ROM, manufacturers can deploy temporary updates during OS or BIOS/UEFI boot to patch known vulnerabilities. These updates persist only for the duration of the current session and are cleared upon reboot.
EntrySign exploits a weakness in AMD’s hashing mechanism used for microcode signing, effectively bypassing verification and permitting the injection of malicious microcode. The risk is particularly acute in server environments, where the vulnerability could be leveraged to circumvent the Secure Encrypted Virtualization (SEV) and SEV-SNP memory protection mechanisms (ID: AMD-SB-3019), thereby potentially exposing data from virtual machines.
The list of affected processors now includes the Zen 5 family: Ryzen 9000 (Granite Ridge), EPYC 9005 (Turin), Ryzen AI 300 (Strix Halo, Strix Point, Krackan Point), and Ryzen 9000HX (Fire Range). A microcode patch—AGESA ComboAM5PI 1.2.0.3c—has already been made available for select motherboards, and users are urged to monitor their motherboard vendor’s website for BIOS updates. However, a corresponding fix for the SEV-related flaw in EPYC Turin server chips has not yet been released and is expected later this month.
Although exploiting the vulnerability requires privileged access and does not persist after reboot, its implications in academic and research contexts remain significant. For instance, at the upcoming RVSPOC 2025 competition, participants will attempt to launch RISC-V binaries on AMD Zen hardware by substituting the microcode during the boot process using EntrySign.
