CVE-2025-62626

NameCVE-2025-62626
DescriptionRDSEED Failure on AMD Zen 5 Processors
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1120005

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
amd64-microcode (PTS)bullseye/non-free3.20240820.1~deb11u1vulnerable
bullseye/non-free (security)3.20250311.1~deb11u1vulnerable
bookworm/non-free-firmware3.20250311.1~deb12u1vulnerable
bookworm/non-free-firmware (security)3.20230719.1~deb12u1vulnerable
forky/non-free-firmware, sid/non-free-firmware, trixie/non-free-firmware3.20250311.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
amd64-microcodesource(unstable)(unfixed)1120005

Notes

[trixie] - amd64-microcode <ignored> (Only affects AMD Zen 5 processors, limited support; problematic microcode update)
[bookworm] - amd64-microcode <ignored> (Only affects AMD Zen 5 processors, limited support; problematic microcode update)
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html
Workaround in Linux kernel by diabling RDSEED on AMD Zen 5 Turin:
https://lore.kernel.org/lkml/20251016182107.3496116-1-gourry@gourry.net/
Search for package or bug name: Reporting problems