CVE-2024-56161
Publication date 3 February 2025
Last updated 2 April 2025
Ubuntu priority
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Status
Package | Ubuntu Release | Status |
---|---|---|
amd64-microcode | 24.10 oracular | Needs evaluation |
amd64-microcode | 24.04 LTS noble | Needs evaluation |
amd64-microcode | 22.04 LTS jammy | Not affected |
amd64-microcode | 20.04 LTS focal | Not affected |
amd64-microcode | 18.04 LTS bionic | Not affected |
amd64-microcode | 16.04 LTS xenial | Not affected |
amd64-microcode | 14.04 LTS trusty | Not affected |
Notes
rodrigo-zaiden
This CVE tracks the AMD SEV-SNP firmware that exists in the amd64-microcode package. CVE-2024-36347 is somewhat related to this CVE, but tracks the changes applied to the Linux kernel. AMD SEV firmware was included in noble onwards, based on upstream release 20220411; releases older than that are not supported.
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-56161
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
- https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
- https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099830#26