CVE-2024-56161

high

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

References

https://www.theregister.com/2025/02/04/google_amd_microcode/

https://www.securityweek.com/amd-patches-cpu-vulnerability-found-by-google/

https://thehackernews.com/2025/02/amd-sev-snp-vulnerability-allows.html

https://cloud.google.com/support/bulletins/index#gcp-2025-007

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html

http://www.openwall.com/lists/oss-security/2025/02/04/1

Details

Source: Mitre, NVD

Published: 2025-02-03

Updated: 2025-02-04

Risk Information

CVSS v2

Base Score: 5.3

Vector: CVSS2#AV:L/AC:H/Au:M/C:C/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Severity: High