{"id":"USN-7560-1","summary":"amd64-microcode vulnerability","details":"Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo\ndiscovered that AMD Microcode incorrectly verified signatures. An attacker\nwith local administrator privilege could possibly use this issue to cause\nloss of confidentiality and integrity of a confidential guest running under\nAMD SEV-SNP.","modified":"2026-01-30T01:05:44.722374Z","published":"2025-06-09T13:18:04.824499Z","related":["UBUNTU-CVE-2024-56161"],"upstream":["CVE-2024-56161","UBUNTU-CVE-2024-56161"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7560-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-56161"}],"affected":[{"package":{"name":"amd64-microcode","ecosystem":"Ubuntu:25.04","purl":"pkg:deb/ubuntu/amd64-microcode@3.20250311.1ubuntu0.25.04.1?arch=source&distro=plucky"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20250311.1ubuntu0.25.04.1"}]}],"versions":["3.20240116.2+nmu1ubuntu1","3.20240116.2+nmu1ubuntu1.1","3.20240820.1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.20250311.1ubuntu0.25.04.1","binary_name":"amd64-microcode"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2024-56161","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:25.04"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7560-1.json"}}],"schema_version":"1.7.3"}