From: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
To: Siddh Raman Pant <siddh.raman.pant@oracle.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
Date: Wed, 4 Jun 2025 11:28:03 +0200 [thread overview]
Message-ID: <2025060430-rimless-splinter-4131@gregkh> (raw)
In-Reply-To: <793ae4a30ab15d0993ce9152ce91b6b98a05b1a5.camel@oracle.com>
On Wed, Jun 04, 2025 at 09:24:12AM +0000, Siddh Raman Pant wrote:
> On Wed, 2 Apr 2025 13:51:58 +0100, Greg Kroah-Hartman wrote:
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
> >
> > [...]
> >
> > This does not have any security implications since flashing microcode is
> > a privileged operation but I believe this has reliability implications by
> > potentially corrupting memory while flashing a microcode update.
>
> If it is explicitly specified that this does not have any security
> implication, why is this a CVE?
>
> IMO this should be rejected.
Doesn't "causing corrupted memory when flashing a microcode update" fit
the cve.org definition of a "vulnerabilty"?
thanks,
greg k-h
next prev parent reply other threads:[~2025-06-04 9:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-02 12:51 CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Greg Kroah-Hartman
2025-06-04 9:24 ` Siddh Raman Pant
2025-06-04 9:28 ` gregkh [this message]
2025-06-04 9:54 ` Siddh Raman Pant
2025-06-04 10:00 ` gregkh
2025-06-04 10:36 ` Siddh Raman Pant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025060430-rimless-splinter-4131@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=siddh.raman.pant@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.