CVE-2025-22047

Advisory lineage Upstream: 0 Downstream: 33

Downstream

DEBIAN-CVE-2025-22047 MGASA-2025-0142 MGASA-2025-0146 SUSE-SU-2026:0447-1 SUSE-SU-2026:0471-1 SUSE-SU-2026:0472-1

Analyzed

Published: 16 Apr 2025, 14:12

Last modified:23 May 2026, 15:57

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.08% LOW

0% probability +0.06%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Apr 2025, 14:12

Published

Vulnerability first disclosed

23 May 2026, 15:57

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix __apply_microcode_amd()'s return value When verify_sha256_digest() fails, __apply_microcode_amd() should propagate the failure by returning false (and not -1 which is promoted to true).

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.08%• Percentile: 24%

Affected Systems

linux•linux
≥ bef830144febedb7de86863ae99d8f53bed76e95, < 763f4d638f71cb45235395790a46e9f9e84227fd | ≥ 3e8653e399e7111a3e87d534ff4533b250ae574f, < ada88219d5315fc13f2910fe278c7112d8d68889 | ≥ c162ba4f45ab6ef3b7114af6fb419f1833f050c0, < d295c58fad1d5ab987a81f139dd21498732c4f13 | ≥ 50cef76d5cb0e199cda19f026842560f6eedc4f7, < 7f705a45f130a85fbf31c2abdc999c65644c8307 | ≥ 50cef76d5cb0e199cda19f026842560f6eedc4f7, < 31ab12df723543047c3fc19cb8f8c4498ec6267f | ≥ 6.6.81, < 6.6.87 | ≥ 6.12.18, < 6.12.23 | ≥ 6.13.6, < 6.13.11 | 6.14
linux•linux_kernel
≥ 6.6.81, < 6.6.87 | ≥ 6.12.18, < 6.12.23 | ≥ 6.13.6, < 6.13.11 | 6.14 | 6.14:rc6 | 6.14:rc7 | 6.14.1