CVE-2024-56161 | THREATINT

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

PUBLISHED Reserved 2024-12-17 | Published 2025-02-03 | Updated 2025-04-02 | Assigner AMD

HIGH: 7.2CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-347 Improper Verification of Cryptographic Signature

Product status

Default status

affected

NaplesPI 1.0.0.P

unaffected

Default status

affected

RomePI 1.0.0.L

unaffected

Default status

affected

MilanPI 1.0.0.F

unaffected

Default status

affected

Genoa 1.0.0.E

unaffected

References

www.openwall.com/lists/oss-security/2025/02/04/1

www.openwall.com/lists/oss-security/2025/03/06/2

www.amd.com/...es/product-security/bulletin/amd-sb-7033.html

lists.debian.org/debian-lts-announce/2025/03/msg00024.html

www.amd.com/...es/product-security/bulletin/amd-sb-3019.html

cve.org (CVE-2024-56161)

nvd.nist.gov (CVE-2024-56161)

Download JSON

help @ threatint.eu