Bug 2488364 - CVE-2026-0438 linux-firmware: Arbitrary code execution in System Management Mode [fedora-all] [NEEDINFO]
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: linux-firmware
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: David Woodhouse
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: {"flaws": ["ef50dbdc-062e-4095-bf20-9...
Depends On:
Blocks:
Reported: 2026-06-12 14:38 UTC by Michalis Papadopoullos
Modified: 2026-06-12 22:31 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2026-06-12 21:21:18 UTC
Type: ---
Embargoed:
pbrobinson: needinfo? (mpapadop)



Description Michalis Papadopoullos 2026-06-12 14:38:18 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Eugene Syromyatnikov 2026-06-12 20:57:09 UTC
AMD x86 CPU microcode is maintained as part of the linux-firmware package; reassigning.

Comment 2 Peter Robinson 2026-06-12 21:21:18 UTC
Another pointless zero-research bug from RH security (why do people pay for this exactly?). This isn't a CPU patchable firmware and hence isn't dealt with by Linux kernel appliable firmware AT ALL. It has to be provided by an early boot vendor firmware.

PLEASE, Red Hat security, please do some BASIC research for your bugs, at least for your paid customers!

