What is CVE-2024-56161?

CVE-2024-56161 is a high-severity vulnerability in Amd Epyc™ 7001 Series, classified under Improper Verification of Cryptographic Signature. CVSS score: 7.2/10. Published 2025-02-03.

How severe is CVE-2024-56161?

High severity. CVSS v3 base score is 7.2 out of 10.

Is CVE-2024-56161 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Amd Epyc™ 7001 Series

CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest runni…

EPSS: 0.001 (27.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N.

Affected products

Amd Epyc™ 7001 Series — versions NaplesPI 1.0.0.P
Amd Epyc™ 7002 Series — versions RomePI 1.0.0.L
Amd Epyc™ 7003 Series — versions MilanPI 1.0.0.F
Amd Epyc™ 9004 Series — versions Genoa 1.0.0.E

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

Public proof-of-concept exploits

References

www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html

Frequently asked questions

What is CVE-2024-56161?: CVE-2024-56161 is a high-severity vulnerability in Amd Epyc™ 7001 Series, classified under Improper Verification of Cryptographic Signature. CVSS score: 7.2/10. Published 2025-02-03.
How severe is CVE-2024-56161?: High severity. CVSS v3 base score is 7.2 out of 10.
Is CVE-2024-56161 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.