CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
AMDCNA
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Debian logo
Debian Releases
Debian Product
Codename
amd64-microcode
bullseye/non-free
vulnerable
bookworm
no-dsa
bullseye/non-free (security)
3.20250311.1~deb11u1
fixed
bookworm/non-free-firmware
vulnerable
bookworm/non-free-firmware (security)
vulnerable
trixie/non-free-firmware
3.20250311.1
fixed
sid/non-free-firmware
3.20250311.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
amd64-microcode
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
http://www.openwall.com/lists/oss-security/2025/02/04/1
http://www.openwall.com/lists/oss-security/2025/03/06/2
https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html