CVE-2024-56161

Published: Feb 3, 2025Modified: Apr 2, 2025

7.2

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Exploitability: 0.8 / Impact: 5.8

Source: psirt@amd.com (Secondary)

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (5)

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html

Source: psirt@amd.com

http://www.openwall.com/lists/oss-security/2025/02/04/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/03/06/2

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.