AMD has released patches for a microprocessor vulnerability found by Google that could allow an attacker to load malicious microcode.
February 4, 2025 By Ionut Arghire
AMD on Monday announced patches for a microprocessor vulnerability that could lead to loss of Secure Encrypted Virtualization (SEV) protection, allowing attackers to load malicious microcode.
Tracked as CVE-2024-56161 (CVSS score of 7.2), the bug is described as an improper signature verification in the microcode patch loader on the AMD CPU read-only memory.
The security defect “may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP,” AMD explains in its advisory.
