{"id":"USN-7561-1","summary":"amd64-microcode vulnerabilities","details":"It was discovered that AMD Microcode incorrectly handled memory addresses.\nAn attacker with local administrator privilege could possibly use this\nissue to cause loss of integrity of a confidential guest running under AMD\nSEV-SNP. (CVE-2023-20584, CVE-2023-31356)\n\nJosh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo\ndiscovered that AMD Microcode incorrectly verified signatures. An attacker\nwith local administrator privilege could possibly use this issue to cause\nloss of confidentiality and integrity of a confidential guest running under\nAMD SEV-SNP. (CVE-2024-56161)","modified":"2026-02-10T04:48:59Z","published":"2025-06-09T13:38:02Z","related":["UBUNTU-CVE-2023-20584","UBUNTU-CVE-2023-31356","UBUNTU-CVE-2024-56161"],"upstream":["CVE-2023-20584","CVE-2023-31356","CVE-2024-56161","UBUNTU-CVE-2023-20584","UBUNTU-CVE-2023-31356","UBUNTU-CVE-2024-56161"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7561-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-20584"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-31356"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-56161"}],"affected":[{"package":{"name":"amd64-microcode","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/amd64-microcode@3.20250311.1ubuntu0.24.04.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20250311.1ubuntu0.24.04.1"}]}],"versions":["3.20230808.1.1ubuntu1","3.20231019.1ubuntu1","3.20231019.1ubuntu2","3.20231019.1ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_name":"amd64-microcode","binary_version":"3.20250311.1ubuntu0.24.04.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-20584"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-31356"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-56161"}],"ecosystem":"Ubuntu:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7561-1.json"}}],"schema_version":"1.7.3"}