CVE-2024-56161 — EntrySign: Improper Verification of Cryptographic Signature in Amd64-microcode

CWE-347 — Improper Verification of Cryptographic Signature8 documents6 sources

Severity

7.2HIGHNVD

OSV6.0

EPSS

0.1%

top 72.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Amd64-microcode

Timeline

PublishedFeb 3

Latest updateJun 9

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.8

Affected Packages1 packages

▶debiandebian/amd64-microcode< amd64-microcode 3.20250311.1~deb12u1 (bookworm)

🔴Vulnerability Details

OSV

amd64-microcode vulnerabilities↗2025-06-09

▶

OSV

CVE-2024-56161: Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU m↗2025-02-03

▶

📋Vendor Advisories

Ubuntu

AMD Microcode vulnerabilities↗2025-06-09

▶

Ubuntu

AMD Microcode vulnerability↗2025-06-09

▶

Red Hat

kernel: hw:amd: Vulnerability in guest VM protected by SEV when loading malicious firmware↗2025-02-03

▶

Debian

CVE-2024-56161: amd64-microcode - Improper signature verification in AMD CPU ROM microcode patch loader may allow ...↗2024

▶

🕵️Threat Intelligence

Bleepingcomputer

AMD fixes bug that lets hackers load malicious microcode patches↗2025-02-05

▶