CVE-2024-56161

EUVD-2024-52992
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
AMDCNA
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Debian logo
Debian Releases
Debian Product
Codename
amd64-microcode
bookworm/non-free-firmware
3.20250311.1~deb12u1
fixed
bookworm/non-free-firmware (security)
vulnerable
bullseye/non-free
vulnerable
bullseye/non-free (security)
3.20250311.1~deb11u1
fixed
forky/non-free-firmware
3.20251202.1
fixed
sid/non-free-firmware
3.20251202.1
fixed
trixie/non-free-firmware
3.20250311.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
amd64-microcode
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
Fixed 3.20250311.1ubuntu0.24.04.1
released
oracular
Fixed 3.20250311.1ubuntu0.24.10.1
released
plucky
Fixed 3.20250311.1ubuntu0.25.04.1
released
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
http://www.openwall.com/lists/oss-security/2025/02/04/1
http://www.openwall.com/lists/oss-security/2025/03/06/2
https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html