CVE-2024-56161

high

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

References

References
More

https://www.theregister.com/2025/04/08/patch_tuesday_microsoft/

https://www.bleepingcomputer.com/news/security/amd-fixes-bug-that-lets-hackers-load-malicious-microcode-patches/

https://www.theregister.com/2025/02/04/google_amd_microcode/

https://www.securityweek.com/amd-patches-cpu-vulnerability-found-by-google/

https://thehackernews.com/2025/02/amd-sev-snp-vulnerability-allows.html

https://cloud.google.com/support/bulletins/index#gcp-2025-007

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html

https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html

http://www.openwall.com/lists/oss-security/2025/03/06/2

http://www.openwall.com/lists/oss-security/2025/02/04/1

Details

Source: Mitre, NVD

Published: 2025-02-03

Updated: 2025-04-02

Named Vulnerability: EntrySignNamed Vulnerability: AMD Microcode Signature Verification Vulnerability

Risk Information

CVSS v2

Base Score: 5.3

Vector: CVSS2#AV:L/AC:H/Au:M/C:C/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00009