[Bug 2131562] Re: Apply fixes for CVE-2025-62626 Solution

Juerg Haefliger 2131562 at bugs.launchpad.net
Tue Jan 13 14:10:59 UTC 2026 

** Package changed: linux-firmware (Ubuntu) => amd64-microcode (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to amd64-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/2131562

Title:
  Apply fixes for CVE-2025-62626 Solution

Status in amd64-microcode package in Ubuntu:
  New
Status in linux package in Ubuntu:
  New
Status in linux-oem-6.10 package in Ubuntu:
  New
Status in linux-oem-6.14 package in Ubuntu:
  New
Status in linux-oem-6.17 package in Ubuntu:
  New

Bug description:
  CVE-2025-62626 (AKA AMD-SB-7055) is a vulnerability in the instruction
  RDSEED's 16-bit and 32-bit returns.  It affects AMD Zen 5 hardware.

  https://www.amd.com/en/resources/product-security/bulletin/amd-
  sb-7055.html

  There are multiple things that need to be done about this
  vulnerability.

  1) Updated linux-firmware microcode has been upstreamed for Zen5
  hardware.  This affects both client and datacenter hardware.

  https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-
  firmware.git/commit/?id=6167e5566900cf236f7a69704e8f4c441bc7212a

  2) A mitigation has been put in place in the kernel for when there is
  NOT an updated microcode available.  This disables the advertisement
  of the RDSEED instruction to userspace and prevents it's use in the
  kernel.  As there is no feature flag for 16, 32 and 64 it
  unfortunately disables all of them.

  https://git.kernel.org/torvalds/c/607b9fb2ce248
  https://git.kernel.org/torvalds/c/f1fdffe0afea0

  3) Additional models need to be added to entry sign checking.  In
  order to apply the fix for rdseed the base information for entry sign
  must be present.

  https://git.kernel.org/torvalds/c/8a9fb5129e8e6
  https://git.kernel.org/torvalds/c/d23550efc6800
  https://git.kernel.org/torvalds/c/dd14022a7ce96

  4) Allow client systems to use RDSEED.

  https://git.kernel.org/torvalds/c/e1a97a627cd01

  These kernel and firmware changes should be applied to all kernels
  that support Zen 5.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/2131562/+subscriptions

More information about the foundations-bugs mailing list