Cyber Posture

CVE-2024-56161

High

Published: 03 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.2 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N)
EPSS Score: 0.0008 (23.3rd percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-56161 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability affecting AMD (vendor inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001). The CVE ranks at the 23.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to System Firmware (T1542.001).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Requires software and firmware components, including CPU microcode patches, to use valid digital signatures verified prior to loading or execution, directly countering improper signature verification.

prevent · detect

Mandates cryptographic integrity verification of firmware and software to prevent loading of malicious microcode and detect unauthorized changes in the patch loader.

prevent

Requires verification of component authenticity prior to installation or use, ensuring only legitimate AMD CPU microcode patches are loaded in SEV-SNP environments.

MITRE ATT&CK Enterprise Techniques · AI

T1542.001 System Firmware · Stealth
Adversaries may modify system firmware to persist on systems.

Why these techniques?

Improper signature verification directly enables loading of malicious CPU microcode, mapping to system firmware modification for pre-OS boot persistence or subversion.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

Deeper analysis · AI

CVE-2024-56161 involves improper signature verification (CWE-347) in the AMD CPU ROM microcode patch loader. This vulnerability affects AMD processors, particularly those supporting Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), where it may enable the loading of malicious CPU microcode. Published on 2025-02-03, it carries a CVSS v3.1 base score of 7.2 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with no availability effects.

Exploitation requires local access, high attack complexity, and local administrator privileges. A successful attacker can load malicious CPU microcode, resulting in the loss of confidentiality and integrity for a confidential guest running under AMD SEV-SNP.

AMD has issued security bulletins AMD-SB-3019 and AMD-SB-7033 detailing mitigations, available on amd.com. Additional announcements appear on the oss-security mailing list (2025/02/04 and 2025/03/06) and the Debian LTS announce list (2025/03/msg00024.html).

Details

CWE(s)

Affected Products

AMD (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2025-12007 · Shared CWE-347
CVE-2025-12006 · Shared CWE-347
CVE-2025-27773 · Shared CWE-347
CVE-2026-5466 · Shared CWE-347
CVE-2026-40372 · Shared CWE-347
CVE-2026-38651 · Shared CWE-347
CVE-2026-34377 · Shared CWE-347
CVE-2026-20997 · Shared CWE-347
CVE-2025-23206 · Shared CWE-347
CVE-2025-52648 · Shared CWE-347

References