A security vulnerability has been disclosed in AMD’s Secure Encrypted Virtualization (SEV) that could allow an attacker to load malicious CPU microcode under certain conditions.
The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.
“Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP,” AMD noted in an advisory.
The discovery is credited to Google security researchers Josh Eads, Kristoffer Janke, Eduardo Vela, Tavis Ormandy and Matteo Rizzo, who found the flaw and reported it on September 25, 2024.
SEV is a security feature that uses a unique key per virtual machine to isolate virtual machines (VMs) and the hypervisor from each other. SNP, which stands for Secure Nested Paging, adds memory protections to create an isolated execution environment and guard against hypervisor-based attacks.
“SEV-SNP provides several additional security enhancements aimed at supporting additional VM usage models, offering stronger protection around interrupt behavior, and offering increased protection against recent side channel attacks,” according to AMD.
In a separate bulletin, Google noted that CVE-2024-56161 is the result of an insecure hash function used in the verification of microcode updates, which opens the door to a scenario in which an adversary could compromise confidential computing workloads.
The company has also released a test payload to demonstrate the vulnerability, but additional technical details have been withheld for another month to give enough time for the fix to propagate through the “deep supply chain”.