Linux Kernel x86 Microcode AMD Return Value Propagation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of AMD microcode has been addressed. The issue arose in the function __apply_microcode_amd(), which incorrectly returned -1 when the verification of a SHA256 digest failed. This erroneous return value was interpreted as a success, rather than indicating a failure. The vulnerability could potentially lead to improper microcode application, with unknown consequences.

Impact

The vulnerability could result in microcode not being applied correctly, which may lead to stability or performance issues, or prevent certain CPU features from being utilized as intended.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel x86 Microcode AMD Return Value Propagation Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating