UBUNTU-CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

References

Affected packages

Ubuntu:24.04:LTS / amd64-microcode

Package

Name: amd64-microcode
Purl: pkg:deb/ubuntu/amd64-microcode@3.20250311.1ubuntu0.24.04.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20250311.1ubuntu0.24.04.1

Affected versions

3.*

3.20230808.1.1ubuntu1

3.20231019.1ubuntu1

3.20231019.1ubuntu2

3.20231019.1ubuntu2.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "amd64-microcode",
            "binary_version": "3.20250311.1ubuntu0.24.04.1"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:25.04 / amd64-microcode

Package

Name: amd64-microcode
Purl: pkg:deb/ubuntu/amd64-microcode@3.20250311.1ubuntu0.25.04.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20250311.1ubuntu0.25.04.1

Affected versions

3.*

3.20240116.2+nmu1ubuntu1

3.20240116.2+nmu1ubuntu1.1

3.20240820.1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "amd64-microcode",
            "binary_version": "3.20250311.1ubuntu0.25.04.1"
        }
    ],
    "availability": "No subscription required"
}