CVE-2024-56161

NameCVE-2024-56161
DescriptionImproper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1095470

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
amd64-microcode (PTS)bullseye/non-free3.20240820.1~deb11u1vulnerable
bullseye/non-free (security)3.20230719.1~deb11u1vulnerable
bookworm/non-free-firmware3.20240820.1~deb12u1vulnerable
bookworm/non-free-firmware (security)3.20230719.1~deb12u1vulnerable
sid/non-free-firmware, trixie/non-free-firmware3.20240820.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
amd64-microcodesource(unstable)(unfixed)1095470

Notes

https://www.openwall.com/lists/oss-security/2025/01/22/1
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
https://github.com/google/security-research/tree/master/pocs/cpus/entrysign

Search for package or bug name: Reporting problems