CVE-2024-56721

HIGH EPSS 13.0%
Published Dec 29, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
7.1 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU/AMD: Terminate the erratum_1386_microcode array

The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue to iterate the array after it ended. Add an empty entry to erratum_1386_microcode to its end.
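
The failure mode described above, as an added C example that is not the kernel's code: a lookup that walks a table until it meets an empty entry, plus a check that a table's last slot really is that empty entry. The names struct cpu_match, match_cpu and table_is_terminated, and the table contents, are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified entry; not the kernel's struct x86_cpu_id. */
struct cpu_match { uint16_t family, model, stepping; uint32_t min_ucode; };

#define TABLE_LEN(t) (sizeof(t) / sizeof((t)[0]))

/* An entry with every field zero marks the end of a table. */
static bool entry_is_empty(const struct cpu_match *e)
{
    return !e->family && !e->model && !e->stepping && !e->min_ucode;
}

/* Sentinel-driven walk: it stops only at the empty entry, so a table
 * without one makes it keep reading past the end of the array. */
static const struct cpu_match *match_cpu(const struct cpu_match *tbl,
                                         uint16_t fam, uint16_t model, uint16_t step)
{
    for (; !entry_is_empty(tbl); tbl++)
        if (tbl->family == fam && tbl->model == model && tbl->stepping == step)
            return tbl;
    return NULL;
}

/* Audit helper for tables whose length is known at the definition site. */
static bool table_is_terminated(const struct cpu_match *tbl, size_t n)
{
    return n > 0 && entry_is_empty(&tbl[n - 1]);
}

/* Constructed sample data. Shape before the fix: no terminator. */
static const struct cpu_match unterminated[] = { {1, 2, 3, 0x10}, {1, 4, 0, 0x20} };
/* Shape after the fix: same entries plus the empty terminator. */
static const struct cpu_match terminated[] = { {1, 2, 3, 0x10}, {1, 4, 0, 0x20}, {0} };

int main(void)
{
    /* Only the terminated table is ever handed to match_cpu(). */
    printf("unterminated ok: %d\n", table_is_terminated(unterminated, TABLE_LEN(unterminated)));
    printf("terminated ok:   %d\n", table_is_terminated(terminated, TABLE_LEN(terminated)));
    printf("match found:     %d\n", match_cpu(terminated, 1, 4, 0) == &terminated[1]);
    return 0;
}
```

A check like table_is_terminated can run in a unit test or at init time for every sentinel-terminated table, so a missing terminator is caught before any lookup walks the table.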

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
13.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 2

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.10 – <6.11.11
linux    linux_kernel   *         ≥6.12 – <6.12.2

References 3

  • git.kernel.org https://git.kernel.org/stable/c/82d6b82cf89d950982ac240ba068c3a7e1f23b0a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ccfee14f08b8699132b87bc6d78e0fa75bf094dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff6cdc407f4179748f4673c39b0921503199a0ad
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/82d6b82cf89d950982ac240ba068c3a7e1f23b0a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ccfee14f08b8699132b87bc6d78e0fa75bf094dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff6cdc407f4179748f4673c39b0921503199a0ad
    Patch