CVE Radar

CVE-2024-56161

Severity: High
SVRS: 40
CVSSv3: 7.2
EPSS: 0.001
Tags: In The Wild
Vector string: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Publication date: 2025-02-03
Last modified: 2025-04-02

Security Intelligence Brief

What is this vulnerability and why does it matter?
CVE-2024-56161 is an improper signature verification flaw in the AMD CPU ROM microcode patch loader. It could allow an attacker with local administrator privileges to load malicious CPU microcode. The primary impact is the loss of confidentiality and integrity for confidential guests running under AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). This matters significantly for environments that rely on SEV-SNP for hardware-enforced isolation and protection of sensitive virtual machine workloads.
What are the CVSS score, severity level, and disclosure details?
The CVSS score for CVE-2024-56161 is 7.2. This score classifies the vulnerability as a High severity level. The vulnerability was publicly published on 2025-02-03 at 17:24:01 UTC and was last modified on 2025-04-02 at 22:03:14 UTC.
Which products, vendors, systems, and versions are affected?
  • Vendor: AMD
  • Products/Systems: AMD CPU ROM microcode patch loader, specifically affecting confidential guests running under AMD SEV-SNP.
  • Versions: Specific affected versions are not detailed in the provided CVE data. It impacts systems utilizing AMD CPUs with the SEV-SNP feature.
What is the technical root cause and attack vector?
The technical root cause of CVE-2024-56161 is an Improper Signature Verification (CWE-347) flaw in the AMD CPU ROM microcode patch loader. The attack vector requires an attacker to possess local administrator privilege on the affected system to successfully load malicious CPU microcode. This indicates that while the vulnerability is severe, it necessitates a level of prior access.
How can this vulnerability be exploited?
Exploitation of CVE-2024-56161 requires an attacker to first gain local administrator privileges on the host system. Once these privileges are obtained, the attacker can leverage the improper signature verification flaw in the AMD CPU ROM microcode patch loader to inject and load malicious CPU microcode. This malicious microcode can then compromise the confidentiality and integrity of any confidential guests running under AMD SEV-SNP, allowing unauthorized access to or manipulation of sensitive data within those virtual machines.
What mitigation steps and patches are available?
Specific mitigation steps and patches are not detailed in the provided CVE data. Typically, such vulnerabilities are addressed through updated microcode or BIOS/firmware updates released by AMD and system manufacturers. Administrators should monitor official AMD security advisories and system vendor updates for patches related to CVE-2024-56161.
How can vulnerable systems be detected?
Information on specific detection methods for CVE-2024-56161 is not provided in the available CVE data. Detection would likely involve:
  • Checking system firmware/BIOS versions against known vulnerable ranges.
  • Monitoring for unofficial or tampered microcode loads, though this might require specialized tools or privileged logging.
  • Reviewing host system logs for suspicious activity indicative of administrator compromise, which is a prerequisite for exploitation.
What are the indicators of compromise (IOCs)?
Specific Indicators of Compromise (IOCs) are not detailed in the provided CVE data for CVE-2024-56161. Potential IOCs, if exploitation were suspected, might include:
  • Unusual CPU microcode versions loaded on AMD systems.
  • Unexpected behavior or crashes of confidential guests running under AMD SEV-SNP.
  • Evidence of unauthorized access or modification of sensitive data within SEV-SNP protected VMs without a clear root cause from software vulnerabilities.
  • Host system logs showing attempted or successful privilege escalation to local administrator followed by attempts to modify system firmware or microcode.
Which threat actors are known to exploit this vulnerability?
There is no information provided in the CVE data that identifies specific threat actors known to exploit CVE-2024-56161. Given the requirement for local administrator privilege and the technical nature of the exploit (loading malicious CPU microcode), it is likely to be targeted by sophisticated actors, including nation-state groups or well-resourced criminal organizations, who aim to compromise highly secure virtualized environments.
What public intelligence references and advisories exist?
The primary public intelligence reference for this vulnerability is its CVE identifier: CVE-2024-56161. No other specific advisories or intelligence references beyond the CVE itself are provided in the available data. Users should monitor AMD's official security advisories and relevant industry bulletins for further information.
What is the risk assessment and urgency level?
The risk assessment for CVE-2024-56161 is High. This is based on a CVSS score of 7.2 and the potential for severe impact on confidentiality and integrity within AMD SEV-SNP protected environments. The urgency level is also High for organizations utilizing AMD SEV-SNP for confidential computing. While the prerequisite of local administrator privilege limits immediate broad exploitation, any system where such privilege could be obtained becomes a target for a high-impact compromise. Organizations should prioritize patching and monitoring efforts, especially for systems hosting sensitive workloads under AMD SEV-SNP.

No IOCs found for this CVE

No exploits found for this CVE

SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware
Dr. Johannes B. Ullrich, 2025-03-06
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DShield Traffic Analysis using ELK: The "DShield SIEM" includes an ELK dashboard as part of the Honeypot. Learn how to find traffic of interest with this tool. https://isc.sans.edu/diary/DShield%20Traffic%20Analysis%20using%20ELK/31742 Zen and the Art
Source: sans.edu
Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
Krypt3ia, 2025-10-01
Date: 2.13.25 🚨 Top Headlines: Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job. Summary: Tools typically employed by Chinese cyberespionage groups have been used in a recent ransomware attack, likely by an individual hacker, Symantec notes in a fresh report. The toolset includes a legitimate Toshiba executable deployed on the victims’ systems to sideload […]
Source: wordpress.com
USN-7561-1: AMD Microcode vulnerabilities
2025-06-09
It was discovered that AMD Microcode incorrectly handled memory addresses. An attacker with local administrator privilege could possibly use this issue to cause loss of integrity of a confidential guest running under AMD SEV-SNP. (CVE-2023-20584, CVE-2023-31356) Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo discovered that AMD Microcode incorrectly verified signatures. An attacker with local administrator privilege could possibly use this issue to cause loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. (CVE-2024-56161)
Source: ubuntu.com
PPHM Hacker News (@PPHM_HackerNews), 2025-07-12
A Deep Dive into AMD's Microcode Vulnerability A critical security flaw, designated as CVE-2024-56161, has been identified within AMD's Zen-based processors, encompassing architectures from Zen 1 through Zen 4. This vulnerability enables individuals with local administrative https://t.co/wuHk81EyKm
Ferramentas Linux (@Cezar_H_Linux), 2025-06-09
🚨 #CVE-2024-56161: AMD microcode bug in Ubuntu 25.04 lets attackers bypass SEV-SNP security. Patch + reboot ASAP if using AMD EPYC/Ryzen Pro! 🔗 Details: 👉 https://t.co/mbIa0PwwjD #InfoSec #Linux #DataCenter https://t.co/lGiNYKxVyD

No affected software found for this CVE

Reference | Link
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2025/02/04/1
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2025/03/06/2
AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
[email protected] | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
GITHUB | http://www.openwall.com/lists/oss-security/2025/02/04/1
CWE ID | CWE Name | Description
CWE-347 | Improper Verification of Cryptographic Signature | The software does not verify, or incorrectly verifies, the cryptographic signature for data.
