Описание
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| amd64-microcode | fixed | 3.20250311.1 | package | |
| amd64-microcode | fixed | 3.20250311.1~deb12u1 | bookworm | package |
Примечания
https://www.openwall.com/lists/oss-security/2025/01/22/1
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
https://github.com/google/security-research/tree/master/pocs/cpus/entrysign
https://github.com/google/security-research/tree/master/pocs/cpus/entrysign/zentool
https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
EPSS
Связанные уязвимости
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
Уязвимость загрузчика микрокода AMD CPU ROM микропрограммного обеспечения процессоров AMD, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
EPSS