CVE-2024-56161

Published Feb 3, 2025

Last updated a day ago

CVSS high 7.2

Overview

Description
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Source
psirt@amd.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.8
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Severity
HIGH

Weaknesses

psirt@amd.com
CWE-347

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

4

  1. 🚨 A new flaw (CVE-2024-56161) in AMD SEV could allow attackers to load malicious CPU microcode on vulnerable systems. It exploits improper signature verification, allowing attackers local admin access to tamper with microcode. https://t.co/hWdeE7lNnV

    @Kill_billw

    4 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. AMD has patched a critical CPU vulnerability (CVE-2024-56161) that jeopardizes Secure Encrypted Virtualization systems. BIOS updates are needed for protection. ⚠️ #AMD #Vulnerability #USA link: https://t.co/0BXv0we8LO https://t.co/WcMSUXwCzM

    @TweetThreatNews

    4 Feb 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. A serious vulnerability (CVE-2024-56161) in AMD's SEV-SNP allows local admins to execute malicious CPU microcode, threatening VM integrity. High severity score of 7.2. 😱 #AMDSecurity #Microcode #USA link: https://t.co/Pg9pSLXZLw https://t.co/7M133jqsYx

    @TweetThreatNews

    4 Feb 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 A new flaw (CVE-2024-56161) in AMD SEV could allow attackers to load malicious CPU microcode on vulnerable systems. It exploits improper signature verification, allowing attackers local admin access to tamper with microcode. Read more: https://t.co/e15pyAdPGE

    @TheHackersNews

    4 Feb 2025

    10703 Impressions

    44 Retweets

    90 Likes

    12 Bookmarks

    2 Replies

    2 Quotes

  5. CVE-2024-56161 Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulti… https://t.co/bAFa5mTABs

    @CVEnew

    3 Feb 2025

    230 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References