Cyber Resilience

CVE-2024-56161

High

Published: 03 February 2025

Published
03 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS Score 0.0010 27.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56161 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Amd (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 27.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2024-56161 involves improper signature verification (CWE-347) in the AMD CPU ROM microcode patch loader. This vulnerability affects AMD processors, particularly those supporting Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), where it may enable the loading of malicious CPU microcode. Published on 2025-02-03, it carries a CVSS v3.1 base score of 7.2 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with no availability effects.

Exploitation requires local access, high attack complexity, and local administrator privileges. A successful attacker can load malicious CPU microcode, resulting in the loss of confidentiality and integrity for a confidential guest running under AMD SEV-SNP.

AMD has issued security bulletins AMD-SB-3019 and AMD-SB-7033 detailing mitigations, available at amd.com resources. Additional announcements appear on oss-security mailing lists (2025/02/04 and 2025/03/06) and Debian LTS announce (2025/03/msg00024.html).

EU & UK References

Vulnerability details

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
Why these techniques?

Improper signature verification directly enables loading of malicious CPU microcode, mapping to system firmware modification for pre-OS boot persistence or subversion.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-12006Shared CWE-347
CVE-2025-12007Shared CWE-347
CVE-2026-34240Shared CWE-347
CVE-2025-24043Shared CWE-347
CVE-2026-23687Shared CWE-347
CVE-2024-13172Shared CWE-347
CVE-2026-41669Shared CWE-347
CVE-2026-27962Shared CWE-347
CVE-2026-32974Shared CWE-347
CVE-2026-44714Shared CWE-347

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires software and firmware components, including CPU microcode patches, to use valid digital signatures verified prior to loading or execution, directly countering improper signature verification.

preventdetect

Mandates cryptographic integrity verification of firmware and software to prevent loading of malicious microcode and detect unauthorized changes in the patch loader.

prevent

Requires verification of component authenticity prior to installation or use, ensuring only legitimate AMD CPU microcode patches are loaded in SEV-SNP environments.

References