| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025041602-CVE-2025-22047-9cc8@gregkh> Date: Wed, 16 Apr 2025 16:12:18 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-22047: x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Description =========== In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix __apply_microcode_amd()'s return value When verify_sha256_digest() fails, __apply_microcode_amd() should propagate the failure by returning false (and not -1 which is promoted to true). The Linux kernel CVE team has assigned CVE-2025-22047 to this issue. Affected and fixed versions =========================== Issue introduced in 6.6.81 with commit bef830144febedb7de86863ae99d8f53bed76e95 and fixed in 6.6.87 with commit 763f4d638f71cb45235395790a46e9f9e84227fd Issue introduced in 6.12.18 with commit 3e8653e399e7111a3e87d534ff4533b250ae574f and fixed in 6.12.23 with commit ada88219d5315fc13f2910fe278c7112d8d68889 Issue introduced in 6.13.6 with commit c162ba4f45ab6ef3b7114af6fb419f1833f050c0 and fixed in 6.13.11 with commit d295c58fad1d5ab987a81f139dd21498732c4f13 Issue introduced in 6.14 with commit 50cef76d5cb0e199cda19f026842560f6eedc4f7 and fixed in 6.14.2 with commit 7f705a45f130a85fbf31c2abdc999c65644c8307 Issue introduced in 6.14 with commit 50cef76d5cb0e199cda19f026842560f6eedc4f7 and fixed in 6.15-rc1 with commit 31ab12df723543047c3fc19cb8f8c4498ec6267f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-22047 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/x86/kernel/cpu/microcode/amd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/763f4d638f71cb45235395790a46e9f9e84227fd https://git.kernel.org/stable/c/ada88219d5315fc13f2910fe278c7112d8d68889 https://git.kernel.org/stable/c/d295c58fad1d5ab987a81f139dd21498732c4f13 https://git.kernel.org/stable/c/7f705a45f130a85fbf31c2abdc999c65644c8307 https://git.kernel.org/stable/c/31ab12df723543047c3fc19cb8f8c4498ec6267f
Powered by blists - more mailing lists