| Name | CVE-2024-56161 |
| Description | Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-4098-1 |
| Debian Bugs | 1095470 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| amd64-microcode (PTS) | bullseye/non-free | 3.20240820.1~deb11u1 | vulnerable |
| bullseye/non-free (security) | 3.20250311.1~deb11u1 | fixed | |
| bookworm/non-free-firmware | 3.20250311.1~deb12u1 | fixed | |
| bookworm/non-free-firmware (security) | 3.20230719.1~deb12u1 | vulnerable | |
| sid/non-free-firmware, forky/non-free-firmware, trixie/non-free-firmware | 3.20250311.1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| amd64-microcode | source | bullseye | 3.20250311.1~deb11u1 | DLA-4098-1 | ||
| amd64-microcode | source | bookworm | 3.20250311.1~deb12u1 | |||
| amd64-microcode | source | (unstable) | 3.20250311.1 | 1095470 |
https://www.openwall.com/lists/oss-security/2025/01/22/1
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
https://github.com/google/security-research/tree/master/pocs/cpus/entrysign
https://github.com/google/security-research/tree/master/pocs/cpus/entrysign/zentool
https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking