CVE-2025-22047

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22047
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22047.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-22047
Downstream
Related
Published
2025-04-16T14:12:07.061Z
Modified
2025-11-20T08:56:21.358391Z
Summary
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/microcode/AMD: Fix _applymicrocode_amd()'s return value

When verifysha256digest() fails, _applymicrocode_amd() should propagate the failure by returning false (and not -1 which is promoted to true).

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bef830144febedb7de86863ae99d8f53bed76e95
Fixed
763f4d638f71cb45235395790a46e9f9e84227fd
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3e8653e399e7111a3e87d534ff4533b250ae574f
Fixed
ada88219d5315fc13f2910fe278c7112d8d68889
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c162ba4f45ab6ef3b7114af6fb419f1833f050c0
Fixed
d295c58fad1d5ab987a81f139dd21498732c4f13
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
50cef76d5cb0e199cda19f026842560f6eedc4f7
Fixed
7f705a45f130a85fbf31c2abdc999c65644c8307
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
50cef76d5cb0e199cda19f026842560f6eedc4f7
Fixed
31ab12df723543047c3fc19cb8f8c4498ec6267f

Affected versions

v6.*

v6.12.18
v6.12.19
v6.12.20
v6.12.21
v6.12.22
v6.13.10
v6.13.6
v6.13.7
v6.13.8
v6.13.9
v6.14
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "arch/x86/kernel/cpu/microcode/amd.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "180332027797086986882648166638672886510",
                "321568667074273749330243012951697403718",
                "134511352199910360753021546033046709701",
                "240120701582687923623560927486452976529"
            ]
        },
        "id": "CVE-2025-22047-43b27a4b",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31ab12df723543047c3fc19cb8f8c4498ec6267f",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "arch/x86/kernel/cpu/microcode/amd.c",
            "function": "__apply_microcode_amd"
        },
        "digest": {
            "function_hash": "289703858120393609836789986466189321418",
            "length": 563.0
        },
        "id": "CVE-2025-22047-935168ac",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@763f4d638f71cb45235395790a46e9f9e84227fd",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "arch/x86/kernel/cpu/microcode/amd.c",
            "function": "__apply_microcode_amd"
        },
        "digest": {
            "function_hash": "289703858120393609836789986466189321418",
            "length": 563.0
        },
        "id": "CVE-2025-22047-9614fef9",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31ab12df723543047c3fc19cb8f8c4498ec6267f",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "arch/x86/kernel/cpu/microcode/amd.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "180332027797086986882648166638672886510",
                "321568667074273749330243012951697403718",
                "134511352199910360753021546033046709701",
                "240120701582687923623560927486452976529"
            ]
        },
        "id": "CVE-2025-22047-9d3eff78",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@763f4d638f71cb45235395790a46e9f9e84227fd",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "arch/x86/kernel/cpu/microcode/amd.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "180332027797086986882648166638672886510",
                "321568667074273749330243012951697403718",
                "134511352199910360753021546033046709701",
                "240120701582687923623560927486452976529"
            ]
        },
        "id": "CVE-2025-22047-c6882a9f",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ada88219d5315fc13f2910fe278c7112d8d68889",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "arch/x86/kernel/cpu/microcode/amd.c",
            "function": "__apply_microcode_amd"
        },
        "digest": {
            "function_hash": "289703858120393609836789986466189321418",
            "length": 563.0
        },
        "id": "CVE-2025-22047-ed621fb0",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ada88219d5315fc13f2910fe278c7112d8d68889",
        "signature_version": "v1"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6.87
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.23
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.11
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.2