CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
http://www.openwall.com/lists/oss-security/2025/02/04/1
http://www.openwall.com/lists/oss-security/2025/03/06/2
https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

Configurations

No configuration.

History

No history.

Information

Published : 2025-02-03 18:15

Updated : 2025-04-02 22:15

NVD link : CVE-2024-56161

Mitre link : CVE-2024-56161

CVE.ORG link : CVE-2024-56161

JSON object : View

Products Affected

No product.

CWE

CWE-347

Improper Verification of Cryptographic Signature

7.2 /10