CVE-2025-37751

low-risk

Published 2025-05-01

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Avoid running off the end of an AMD erratum table The NULL array terminator at the end of erratum_1386_microcode was removed during the switch from x86_cpu_desc to x86_cpu_id. This causes readers to run off the end of the array. Replace the NULL.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Linux Kernel

Affected Vendors

Linux

References (2)

Patch https://git.kernel.org/stable/c/1b518f73f1b6f59e083ec33dea22d9a1a275a970

Patch https://git.kernel.org/stable/c/f0df00ebc57f803603f2a2e0df197e51f06fbe90

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low