AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access

2025-02-04 08:58

A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local

News URL

https://thehackernews.com/2025/02/amd-sev-snp-vulnerability-allows.html

#AMD #vulnerability #CVE-2024-56161

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-03	CVE-2024-56161	Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
AMD		892	5	120	122	27	274