Описание
In the Linux kernel, the following vulnerability has been resolved:
x86/CPU/AMD: Terminate the erratum_1386_microcode array
The erratum_1386_microcode array requires an empty entry at the end.
Otherwise x86_match_cpu_with_stepping() will continue iterate the array after
it ended.
Add an empty entry to erratum_1386_microcode to its end.
A flaw was found in the AMD CPU erratum handling code in the Linux kernel. The erratum_1386_microcode array lacked a proper terminator, which could cause the x86_match_cpu_with_stepping() function to read beyond the end of the array. This results in undefined behavior during CPU feature detection and erratum handling. A local attacker may be able to exploit this flaw to cause a system crash or instability, affecting system availability.
Отчет
A potential out-of-bounds read was found in the Linux kernel's AMD CPU erratum handling logic. The erratum_1386_microcode array lacked a terminating empty entry, which could cause x86_match_cpu_with_stepping() to iterate beyond the array bounds. This might lead to incorrect behavior or kernel instability depending on memory layout at runtime. The vulnerable code is part of the AMD erratum workaround logic in the CPU initialization path. Triggering this condition requires privileged kernel access, such as during CPU bring-up or microcode handling, which are not accessible to unprivileged users. Therefore, Privileges Required is set to High (PR:H).
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 10 | kernel | Fixed | RHSA-2025:13598 | 11.08.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
6 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterate the array after it ended. Add an empty entry to erratum_1386_microcode to its end.
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterate the array after it ended. Add an empty entry to erratum_1386_microcode to its end.
In the Linux kernel, the following vulnerability has been resolved: x ...
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterate the array after it ended. Add an empty entry to erratum_1386_microcode to its end.
Уязвимость функции init_amd_bd() модуля arch/x86/kernel/cpu/amd.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации.
EPSS
6 Medium
CVSS3