CVE-2024-56721: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56721 affects the Linux kernel and was discovered on December 29, 2024. The vulnerability is related to the x86/CPU/AMD subsystem, specifically involving the erratum_1386_microcode array implementation. The issue occurs because the array lacks a required empty entry at its end, which causes x86_match_cpu_with_stepping() to continue iterating beyond the array's bounds (NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 7.1 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H). The issue affects Linux kernel versions from 6.10 up to (excluding) 6.11.11 and versions from 6.12 up to (excluding) 6.12.2. The technical root cause is that the erratum_1386_microcode array continues iteration beyond its intended bounds due to a missing terminating empty entry (NVD).

The vulnerability could lead to an out-of-bounds read condition in the Linux kernel's x86/CPU/AMD subsystem. This could potentially result in information disclosure and system instability when the affected code path is executed (NVD).

The vulnerability has been fixed by adding an empty entry at the end of the erratum_1386_microcode array. The fix is available in Linux kernel versions 6.11.11 and 6.12.2 and later. System administrators should update their Linux kernel to these patched versions (Kernel Patch).