Improper verification of cryptographic signature in AMD EPYC processors



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-56161
CWE-ID CWE-347
Exploitation vector Local
Public exploit N/A
Vulnerable software
1st Gen AMD EPYC Processors
Hardware solutions / Firmware

2nd Gen AMD EPYC Processors
Hardware solutions / Firmware

3rd Gen AMD EPYC Processors
Hardware solutions / Firmware

4th Gen AMD EPYC Processors
Hardware solutions / Firmware

AMD EPYC Embedded 7002
Hardware solutions / Firmware

AMD EPYC Embedded 7003
Hardware solutions / Firmware

AMD EPYC Embedded 9004
Hardware solutions / Firmware

Vendor AMD

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU103603

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56161

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper verification of cryptographic signature in AMD CPU ROM microcode patch loader. A local privileged user can load a malicious CPU microcode and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

1st Gen AMD EPYC Processors: before NaplesPI 1.0.0.P

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.L

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.F

4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.E

AMD EPYC Embedded 7002: before 1.0.0.D

AMD EPYC Embedded 7003: before 1.0.0.A

AMD EPYC Embedded 9004: before 1.0.0.9

CPE2.3 External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###