7.2
CVE-2024-56161
- EPSS 0.01%
- Published 03.02.2025 18:15:37
- Last modified 02.04.2025 22:15:17
- Source psirt@amd.com
- Teams watchlist Login
- Open Login
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorAMD
≫
Product
AMD EPYC™ 7001 Series
Default Statusaffected
Version
NaplesPI 1.0.0.P
Status
unaffected
VendorAMD
≫
Product
AMD EPYC™ 7002 Series
Default Statusaffected
Version
RomePI 1.0.0.L
Status
unaffected
VendorAMD
≫
Product
AMD EPYC™ 7003 Series
Default Statusaffected
Version
MilanPI 1.0.0.F
Status
unaffected
VendorAMD
≫
Product
AMD EPYC™ 9004 Series
Default Statusaffected
Version
Genoa 1.0.0.E
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.007 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@amd.com | 7.2 | 0.8 | 5.8 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.