CVE-2024-56161
7.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Summary
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ 7001 Series | NaplesPI 1.0.0.P | unaffected |
| AMD | AMD EPYC™ 7002 Series | RomePI 1.0.0.L | unaffected |
| AMD | AMD EPYC™ 7003 Series | MilanPI 1.0.0.F | unaffected |
| AMD | AMD EPYC™ 9004 Series | Genoa 1.0.0.E | unaffected |
Weaknesses
- CWE-347: CWE-347 Improper Verification of Cryptographic Signature
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2025/02/04/1
- http://www.openwall.com/lists/oss-security/2025/03/06/2
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.