Advisories » MGASA-2025-0124

Updated microcode packages fix security vulnerability

Publication date: 03 Apr 2025
Modification date: 03 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56161

Description

Improper signature verification in AMD CPU ROM microcode patch loader
may allow an attacker with local administrator privilege to load
malicious CPU microcode resulting in loss of confidentiality and
integrity of a confidential guest running under AMD SEV-SNP.
(CVE-2024-56161)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34149
• https://lists.debian.org/debian-lts-announce/2025/03/msg00024.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56161

SRPMS

9/nonfree

• microcode-0.20250211-2.mga9.nonfree