CVE-2024-56721

Advisory lineage Upstream: 0 Downstream: 30

Downstream

DEBIAN-CVE-2024-56721 RHSA-2025:13598 SUSE-SU-2026:0447-1 SUSE-SU-2026:0472-1 SUSE-SU-2026:0587-1 UBUNTU-CVE-2024-56721

Modified

Published: 29 Dec 2024, 11:29

Last modified:11 May 2026, 20:57

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7.1 HIGH

v3.1 (cve.org)

EPSS Score

0.01% LOW

0% probability -0.02%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Dec 2024, 11:29

Published

Vulnerability first disclosed

11 May 2026, 20:57

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterate the array after it ended. Add an empty entry to erratum_1386_microcode to its end.

CVSS Metrics

v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ 29ba89f1895285f06c333546882e0c5ae9a6df23, < 82d6b82cf89d950982ac240ba068c3a7e1f23b0a | ≥ 29ba89f1895285f06c333546882e0c5ae9a6df23, < ccfee14f08b8699132b87bc6d78e0fa75bf094dd | ≥ 29ba89f1895285f06c333546882e0c5ae9a6df23, < ff6cdc407f4179748f4673c39b0921503199a0ad | 6.10
linux•linux_kernel
≥ 6.10, < 6.11.11 | ≥ 6.12, < 6.12.2