The vulnerability of the `load_ucode_amd_bsp()` function in the `arch/x86/kernel/cpu/microcode/amd.c` module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

🗓️ 07 Mar 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in load_ucode_amd_bsp() in arch/x86 kernel microcode enables resource injection, compromising confidentiality, integrity, and availability.

Reporter	Title	Published	Views	Family All 72
ATTACKERKB	CVE-2024-36347	27 Jun 202523:15	–	attackerkb
Amd	AMD CPU Microcode Signature Verification Vulnerability	5 Mar 202500:00	–	amd
Circl	CVE-2024-36347	14 Apr 202505:30	–	circl
CNNVD	AMD Processors 安全漏洞	10 Mar 202500:00	–	cnnvd
CVE	CVE-2024-36347	27 Jun 202522:14	–	cve
Cvelist	CVE-2024-36347	27 Jun 202522:14	–	cvelist
Debian CVE	CVE-2024-36347	27 Jun 202522:14	–	debiancve
EUVD	EUVD-2024-54719	3 Oct 202520:07	–	euvd
Hewlett-Packard	AMD CPU Microcode Security Update	13 May 202500:00	–	hp
Mageia	Updated microcode packages fix security vulnerability	5 Nov 202520:16	–	mageia

Source	Link
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
bughunters	www.bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
git	www.git.kernel.org/linus/bb2281fb05e50108ce95c43ab7e701ee564565c8
github	www.github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
vuldb	www.vuldb.com/ru/
amd	www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
cve	www.cve.org/CVERecord
openwall	www.openwall.com/lists/oss-security/2025/03/05/3

09 Feb 2026 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 25.9

CVSS 36.4

EPSS0.00023

load_ucode_amd_bsp resource_injection linux_vulnerability microcode_security