CVE-2024-56161

Summary

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7001 SeriesNaplesPI 1.0.0.Punaffected
AMDAMD EPYC™ 7002 SeriesRomePI 1.0.0.Lunaffected
AMDAMD EPYC™ 7003 SeriesMilanPI 1.0.0.Funaffected
AMDAMD EPYC™ 9004 SeriesGenoa 1.0.0.Eunaffected

Weaknesses

  • CWE-347: CWE-347 Improper Verification of Cryptographic Signature

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References