{ "threat_severity" : "Moderate", "public_date" : "2024-12-29T00:00:00Z", "bugzilla" : { "description" : "kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array", "id" : "2334820", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2334820" }, "cvss3" : { "cvss3_base_score" : "6.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-119", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nx86/CPU/AMD: Terminate the erratum_1386_microcode array\nThe erratum_1386_microcode array requires an empty entry at the end.\nOtherwise x86_match_cpu_with_stepping() will continue iterate the array after\nit ended.\nAdd an empty entry to erratum_1386_microcode to its end.", "A flaw was found in the AMD CPU erratum handling code in the Linux kernel. The erratum_1386_microcode array lacked a proper terminator, which could cause the x86_match_cpu_with_stepping() function to read beyond the end of the array. This results in undefined behavior during CPU feature detection and erratum handling. A local attacker may be able to exploit this flaw to cause a system crash or instability, affecting system availability." ], "statement" : "A potential out-of-bounds read was found in the Linux kernel's AMD CPU erratum handling logic. The erratum_1386_microcode array lacked a terminating empty entry, which could cause x86_match_cpu_with_stepping() to iterate beyond the array bounds. This might lead to incorrect behavior or kernel instability depending on memory layout at runtime.\nThe vulnerable code is part of the AMD erratum workaround logic in the CPU initialization path. Triggering this condition requires privileged kernel access, such as during CPU bring-up or microcode handling, which are not accessible to unprivileged users. Therefore, Privileges Required is set to High (PR:H).", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13598", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "kernel-0:6.12.0-55.27.1.el10_0" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-56721\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56721\nhttps://lore.kernel.org/linux-cve-announce/2024122922-CVE-2024-56721-aaac@gregkh/T" ], "name" : "CVE-2024-56721", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }