CVE-2024-56161

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-56161
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
http://www.openwall.com/lists/oss-security/2025/02/04/1
http://www.openwall.com/lists/oss-security/2025/03/06/2
https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
Configurations

No configuration.

History

02 Apr 2025, 22:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html -

06 Mar 2025, 19:15

Type Values Removed Values Added
References
  • () https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html -

06 Mar 2025, 06:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/03/06/2 -

04 Feb 2025, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/02/04/1 -
Summary
  • (es) La verificación de firma incorrecta en el cargador de parches de microcódigo ROM de CPU AMD puede permitir que un atacante con privilegios de administrador local cargue microcódigo de CPU malicioso, lo que resulta en la pérdida de confidencialidad e integridad de un invitado confidencial que se ejecuta bajo AMD SEV-SNP.

03 Feb 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-03 18:15

Updated : 2025-04-02 22:15

NVD link : CVE-2024-56161

Mitre link : CVE-2024-56161

CVE.ORG link : CVE-2024-56161

JSON object : View

Products Affected

No product.

CWE
CWE-347

Improper Verification of Cryptographic Signature