Home / mailingsPDF  

[USN-8475-1] AMD Microcode vulnerabilities

Posted on 25 June 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8475-1
June 25, 2026

amd64-microcode vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in AMD Microcode.

Software Description:
- amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs

Details:

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores, potentially resulting in the leakage of
privileged information. A local attacker could possibly use this to expose
sensitive information. (CVE-2024-36350, CVE-2024-36357)

It was discovered that some AMD Zen 5 processors supporting RDSEED
instruction did not properly handle entropy, potentially resulting in the
consumption of insufficiently random values. A local attacker could
possibly use this issue to influence the values returned by the RDSEED
instruction causing loss of confidentiality and integrity. (CVE-2025-62626)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
amd64-microcode 3.20251202.1ubuntu0.25.10.1

Ubuntu 24.04 LTS
amd64-microcode 3.20251202.1ubuntu0.24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: For the most comprehensive protection, users should update
their system BIOS/UEFI to the latest version provided by their hardware
vendor. If the BIOS has not been updated, this microcode update will
apply the latest available mitigations that can be delivered via the
operating system. For more information, please see:
https://ubuntu.com/security/vulnerabilities/entrysign

References:
https://ubuntu.com/security/notices/USN-8475-1
CVE-2024-36350, CVE-2024-36357, CVE-2025-62626

Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20251202.1ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20251202.1ubuntu0.24.04.1

--===============2151029353189489177==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :