Out-of-Bounds The advisory has been revoked - it doesn't affect any version of package kernel-rt-debug-kvm  (opens in a new tab)


Threat Intelligence

EPSS
0.03% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS7-KERNELRTDEBUGKVM-8875585
  • published28 Feb 2025
  • disclosed29 Dec 2024

Introduced: 29 Dec 2024

CVE-2024-56721  (opens in a new tab)
CWE-119  (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:7.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-rt-debug-kvm package and not the kernel-rt-debug-kvm package as distributed by Centos.

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU/AMD: Terminate the erratum_1386_microcode array

The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterate the array after it ended.

Add an empty entry to erratum_1386_microcode to its end.