CVE-2024-56161
Public on 2025-02-03
Modified on 2025-02-12
Description
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2 - Core | linux-firmware | Not Affected | ||
| HAQM Linux 2023 | linux-firmware | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 6.9 | CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| NVD | CVSSv3 | 7.2 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N |