Re: CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

From: gregkh@xxxxxxxxxxxxxxxxxxx
Date: Wed Jun 04 2025 - 05:28:13 EST

Next message: Sebastian Andrzej Siewior: "Re: futex performance regression from "futex: Allow automatic allocation of process wide futex hash""
Previous message: Thomas Gleixner: "Re: [PATCH v1 7/7] time: Export symbol for sched_clock register function"
In reply to: Siddh Raman Pant: "Re: CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 04, 2025 at 09:24:12AM +0000, Siddh Raman Pant wrote:
> On Wed, 2 Apr 2025 13:51:58 +0100, Greg Kroah-Hartman wrote:
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
> >
> > [...]
> >
> > This does not have any security implications since flashing microcode is
> > a privileged operation but I believe this has reliability implications by
> > potentially corrupting memory while flashing a microcode update.
>
> If it is explicitly specified that this does not have any security
> implication, why is this a CVE?
>
> IMO this should be rejected.

Doesn't "causing corrupted memory when flashing a microcode update" fit
the cve.org definition of a "vulnerabilty"?

thanks,

greg k-h

Next message: Sebastian Andrzej Siewior: "Re: futex performance regression from "futex: Allow automatic allocation of process wide futex hash""
Previous message: Thomas Gleixner: "Re: [PATCH v1 7/7] time: Export symbol for sched_clock register function"
In reply to: Siddh Raman Pant: "Re: CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]