cve/published/2025/CVE-2025-22047.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-22047: x86/microcode/AMD: Fix __apply_microcode_amd()'s return value

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 x86/microcode/AMD: Fix __apply_microcode_amd()'s return value

 When verify_sha256_digest() fails, __apply_microcode_amd() should propagate
 the failure by returning false (and not -1 which is promoted to true).

 The Linux kernel CVE team has assigned CVE-2025-22047 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.6.81 with commit bef830144febedb7de86863ae99d8f53bed76e95 and fixed in 6.6.87 with commit 763f4d638f71cb45235395790a46e9f9e84227fd
 	Issue introduced in 6.12.18 with commit 3e8653e399e7111a3e87d534ff4533b250ae574f and fixed in 6.12.23 with commit ada88219d5315fc13f2910fe278c7112d8d68889
 	Issue introduced in 6.13.6 with commit c162ba4f45ab6ef3b7114af6fb419f1833f050c0 and fixed in 6.13.11 with commit d295c58fad1d5ab987a81f139dd21498732c4f13
 	Issue introduced in 6.14 with commit 50cef76d5cb0e199cda19f026842560f6eedc4f7 and fixed in 6.14.2 with commit 7f705a45f130a85fbf31c2abdc999c65644c8307
 	Issue introduced in 6.14 with commit 50cef76d5cb0e199cda19f026842560f6eedc4f7 and fixed in 6.15 with commit 31ab12df723543047c3fc19cb8f8c4498ec6267f

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-22047
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	arch/x86/kernel/cpu/microcode/amd.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/763f4d638f71cb45235395790a46e9f9e84227fd
 	https://git.kernel.org/stable/c/ada88219d5315fc13f2910fe278c7112d8d68889
 	https://git.kernel.org/stable/c/d295c58fad1d5ab987a81f139dd21498732c4f13
 	https://git.kernel.org/stable/c/7f705a45f130a85fbf31c2abdc999c65644c8307
 	https://git.kernel.org/stable/c/31ab12df723543047c3fc19cb8f8c4498ec6267f
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-22047: x86/microcode/AMD: Fix __apply_microcode_amd()'s return value

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	x86/microcode/AMD: Fix __apply_microcode_amd()'s return value

	When verify_sha256_digest() fails, __apply_microcode_amd() should propagate
	the failure by returning false (and not -1 which is promoted to true).

	The Linux kernel CVE team has assigned CVE-2025-22047 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.6.81 with commit bef830144febedb7de86863ae99d8f53bed76e95 and fixed in 6.6.87 with commit 763f4d638f71cb45235395790a46e9f9e84227fd
	Issue introduced in 6.12.18 with commit 3e8653e399e7111a3e87d534ff4533b250ae574f and fixed in 6.12.23 with commit ada88219d5315fc13f2910fe278c7112d8d68889
	Issue introduced in 6.13.6 with commit c162ba4f45ab6ef3b7114af6fb419f1833f050c0 and fixed in 6.13.11 with commit d295c58fad1d5ab987a81f139dd21498732c4f13
	Issue introduced in 6.14 with commit 50cef76d5cb0e199cda19f026842560f6eedc4f7 and fixed in 6.14.2 with commit 7f705a45f130a85fbf31c2abdc999c65644c8307
	Issue introduced in 6.14 with commit 50cef76d5cb0e199cda19f026842560f6eedc4f7 and fixed in 6.15 with commit 31ab12df723543047c3fc19cb8f8c4498ec6267f

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-22047
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	arch/x86/kernel/cpu/microcode/amd.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/763f4d638f71cb45235395790a46e9f9e84227fd
	https://git.kernel.org/stable/c/ada88219d5315fc13f2910fe278c7112d8d68889
	https://git.kernel.org/stable/c/d295c58fad1d5ab987a81f139dd21498732c4f13
	https://git.kernel.org/stable/c/7f705a45f130a85fbf31c2abdc999c65644c8307
	https://git.kernel.org/stable/c/31ab12df723543047c3fc19cb8f8c4498ec6267f