{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-56161","assignerOrgId":"b58fc414-a1e4-4f92-9d70-1add41838648","state":"PUBLISHED","assignerShortName":"AMD","dateReserved":"2024-12-17T21:34:57.677Z","datePublished":"2025-02-03T17:24:01.185Z","dateUpdated":"2025-04-02T22:03:14.707Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","packageName":"NaplesPI 1.0.0.P","product":"AMD EPYC™ 7001 Series","vendor":"AMD","versions":[{"status":"unaffected","version":"NaplesPI 1.0.0.P"}]},{"defaultStatus":"affected","packageName":"RomePI 1.0.0.L","product":"AMD EPYC™ 7002 Series","vendor":"AMD","versions":[{"status":"unaffected","version":"RomePI 1.0.0.L"}]},{"defaultStatus":"affected","packageName":"MilanPI 1.0.0.F","product":"AMD EPYC™ 7003 Series","vendor":"AMD","versions":[{"status":"unaffected","version":"MilanPI 1.0.0.F"}]},{"defaultStatus":"affected","product":"AMD EPYC™ 9004 Series","vendor":"AMD","versions":[{"status":"unaffected","version":"Genoa 1.0.0.E"}]}],"datePublic":"2025-02-03T17:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.<br>"}],"value":"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-347","description":"CWE-347 Improper Verification of Cryptographic Signature","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b58fc414-a1e4-4f92-9d70-1add41838648","shortName":"AMD","dateUpdated":"2025-02-03T17:24:01.185Z"},"references":[{"url":"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2025/02/04/1"},{"url":"http://www.openwall.com/lists/oss-security/2025/03/06/2"},{"url":"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-04-02T22:03:14.707Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-56161","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-02-03T17:43:59.636370Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-12T20:51:23.409Z"}}]}}