Re: CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

From: Siddh Raman Pant
Date: Wed Jun 04 2025 - 05:25:25 EST

Next message: Geert Uytterhoeven: "Re: [PATCH v2 3/3] arm64: dts: renesas: r8a779g3: Describe split PCIe clock on V4H Sparrow Hawk"
Previous message: tip-bot2 for Marc Zyngier: "[tip: irq/urgent] PCI/MSI: Size device MSI domain with the maximum number of vectors"
Next in thread: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2 Apr 2025 13:51:58 +0100, Greg Kroah-Hartman wrote:
> In the Linux kernel, the following vulnerability has been resolved:
>
> x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
>
> [...]
>
> This does not have any security implications since flashing microcode is
> a privileged operation but I believe this has reliability implications by
> potentially corrupting memory while flashing a microcode update.

If it is explicitly specified that this does not have any security
implication, why is this a CVE?

IMO this should be rejected.

Thanks,
Siddh

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Geert Uytterhoeven: "Re: [PATCH v2 3/3] arm64: dts: renesas: r8a779g3: Describe split PCIe clock on V4H Sparrow Hawk"
Previous message: tip-bot2 for Marc Zyngier: "[tip: irq/urgent] PCI/MSI: Size device MSI domain with the maximum number of vectors"
Next in thread: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]