Critical Linux Kernel Vulnerabilities Affecting AMD Zen Processors

Severity: High (Score: 70.5)

Sources: Ubuntu, launchpad.net

Summary

Multiple vulnerabilities were discovered in the Linux kernel, primarily affecting AMD Zen processors. The most notable flaw, known as EntrySign (CVE-2024-36347), allows privileged attackers to bypass CPU microcode signature verification, potentially leading to integrity and confidentiality breaches. This vulnerability impacts various subsystems across MIPS, PowerPC, and x86 architectures, among others. The updates released address several security issues, but the risk remains significant due to the potential for exploitation. The vulnerabilities were reported by researchers Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo. Users are advised to apply the latest patches to mitigate these risks. The vulnerabilities were published on June 27, 2025, and have been a focus of recent security advisories. The situation is ongoing as new updates are released to address these flaws. Key Points: • EntrySign (CVE-2024-36347) allows privileged access to load malicious CPU microcode. • Vulnerabilities affect multiple architectures, including MIPS, PowerPC, and x86. • Immediate patching is recommended to mitigate risks associated with these vulnerabilities.

Key Entities

• Malware (attack_type)
• CVE-2024-36347 (cve)
• Linux (platform)
• Linux kernel (platform)
• EntrySign (vulnerability)