1. Ubuntu Security Notices
  2. USN-8475-1

USN-8475-1: AMD Microcode vulnerabilities

Publication date

25 June 2026

Overview

Several security issues were fixed in AMD Microcode.

Releases

Packages

Details

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores, potentially resulting in the leakage of
privileged information. A local attacker could possibly use this to expose
sensitive information. (CVE-2024-36350, CVE-2024-36357)

It was discovered that some AMD Zen 5 processors supporting RDSEED
instruction did not properly handle entropy, potentially resulting in the
consumption of insufficiently random values. A local attacker could
possibly use this issue to influence the values returned by the RDSEED
instruction causing loss of confidentiality and integrity. (CVE-2025-62626)

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores, potentially resulting in the leakage of
privileged information. A local attacker could possibly use this to expose
sensitive information. (CVE-2024-36350, CVE-2024-36357)

It was discovered that some AMD Zen 5 processors supporting RDSEED
instruction did not properly handle entropy, potentially resulting in the
consumption of insufficiently random values. A local attacker could
possibly use this issue to influence the values returned by the RDSEED
instruction causing loss of confidentiality and integrity. (CVE-2025-62626)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

ATTENTION: For the most comprehensive protection, users should update their system BIOS/UEFI to the latest version provided by their hardware vendor. If the BIOS has not been updated, this microcode update will apply the latest available mitigations that can be delivered via the operating system. For more information, please see: https://ubuntu.com/security/vulnerabilities/entrysign

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
25.10 questing amd64-microcode –  3.20251202.1ubuntu0.25.10.1
24.04 LTS noble amd64-microcode –  3.20251202.1ubuntu0.24.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›