ELA-1365-1 amd64-microcode security update

improper signature verification

2025-03-31
Packageamd64-microcode
Version3.20250311.1~deb8u1 (jessie), 3.20250311.1~deb9u1 (stretch), 3.20250311.1~deb10u1 (buster)
Related CVEs CVE-2024-56161


A potential vulnerability has been found for certain AMD platforms which creates a possible confidential computing vulnerability.

AMD has released updated microcode to prevent an attacker from loading tampered microcode.

Additionally, an SEV firmware update might be required for some platforms to support SEV-SNP attestation, which may also necessitate a BIOS update.

For details please see the AMD security bulletin AMD-SB-3019.

CVE-2024-56161 (AMD-SB-3019):

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privileges to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.


For Debian 10 buster, these problems have been fixed in version 3.20250311.1~deb10u1.

For Debian 8 jessie, these problems have been fixed in version 3.20250311.1~deb8u1.

For Debian 9 stretch, these problems have been fixed in version 3.20250311.1~deb9u1.

We recommend that you upgrade your amd64-microcode packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.