CVE-2024-56721: x86/CPU/AMD: Terminate the erratum_1386_microcode array

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU/AMD: Terminate the erratum_1386_microcode array

The erratum_1386_microcode array requires an empty entry at the end.
Otherwise x86_match_cpu_with_stepping() will continue iterate the array after
it ended.

Add an empty entry to erratum_1386_microcode to its end.

Classification

CVE ID: CVE-2024-56721

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/82d6b82cf89d950982ac240ba068c3a7e1f23b0a
https://git.kernel.org/stable/c/ccfee14f08b8699132b87bc6d78e0fa75bf094dd
https://git.kernel.org/stable/c/ff6cdc407f4179748f4673c39b0921503199a0ad

Timeline

2024-12-30 00:30:18 UTC
CVE

x86/CPU/AMD: Terminate the erratum_1386_microcode array