CVE-2024-56161: Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious...

7.2 CVSS

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

Classification

CVE ID: CVE-2024-56161

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Affected Products

Vendor: AMD

Product: AMD EPYC™ 7001 Series

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.83% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-04 (date this score was calculated)

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html

Timeline