Primary

Context

Linux Kernel INVLPGB Flag Misconfiguration Vulnerability on AMD Zen2 Processors

Vulnerability

Patched

A vulnerability exists in the Linux kernel's handling of the INVLPGB instruction for certain AMD Zen2 processors, specifically the Cyan Skillfish model. This issue arises from a misconfigured CPUID that incorrectly reports the INVLPGB bit, leading to system crashes when TLB flushes are performed using this instruction. The kernel's representation of the INVLPGB flag has been corrected to prevent confusion.

Impact

The vulnerability causes system crashes and panics due to improper handling of the INVLPGB instruction, which is used for TLB flush operations.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the Linux Kernel Archive.

Added: Aug 16, 2025, 11:20 AM

Updated: Aug 16, 2025, 11:20 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel INVLPGB Flag Misconfiguration Vulnerability on AMD Zen2 Processors

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating