[Bug 2131562] [NEW] Apply fixes for CVE-2025-62626 Solution

Launchpad Bug Tracker 2131562 at bugs.launchpad.net
Tue Jan 13 14:11:02 UTC 2026 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug:

CVE-2025-62626 (AKA AMD-SB-7055) is a vulnerability in the instruction
RDSEED's 16-bit and 32-bit returns.  It affects AMD Zen 5 hardware.

https://www.amd.com/en/resources/product-security/bulletin/amd-
sb-7055.html

There are multiple things that need to be done about this vulnerability.

1) Updated linux-firmware microcode has been upstreamed for Zen5
hardware.  This affects both client and datacenter hardware.

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-
firmware.git/commit/?id=6167e5566900cf236f7a69704e8f4c441bc7212a

2) A mitigation has been put in place in the kernel for when there is
NOT an updated microcode available.  This disables the advertisement of
the RDSEED instruction to userspace and prevents it's use in the kernel.
As there is no feature flag for 16, 32 and 64 it unfortunately disables
all of them.

https://git.kernel.org/torvalds/c/607b9fb2ce248
https://git.kernel.org/torvalds/c/f1fdffe0afea0

3) Additional models need to be added to entry sign checking.  In order
to apply the fix for rdseed the base information for entry sign must be
present.

https://git.kernel.org/torvalds/c/8a9fb5129e8e6
https://git.kernel.org/torvalds/c/d23550efc6800
https://git.kernel.org/torvalds/c/dd14022a7ce96

4) Allow client systems to use RDSEED.

https://git.kernel.org/torvalds/c/e1a97a627cd01

These kernel and firmware changes should be applied to all kernels that
support Zen 5.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: amd64-microcode (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-oem-6.10 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-oem-6.14 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-oem-6.17 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Apply fixes for CVE-2025-62626 Solution
https://bugs.launchpad.net/bugs/2131562
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to amd64-microcode in Ubuntu.

More information about the foundations-bugs mailing list