Details of VAR-202511-2375

ID

VAR-202511-2375

CVE

CVE-2025-62626

TITLE

AMD CPU entropy handling vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-29745

DESCRIPTION

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values. AMD CPUs are a series of CPUs manufactured by AMD. AMD CPUs have a vulnerability due to improper entropy handling; detailed vulnerability information is not currently available

Trust: 1.44

sources: NVD: CVE-2025-62626 // CNVD: CNVD-2025-29745

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-29745

AFFECTED PRODUCTS

vendor:

amd

model:

cpu

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-29745

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@amd.com:	CVE-2025-62626
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-29745
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-29745
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-29745 // NVD: CVE-2025-62626

PROBLEMTYPE DATA

problemtype:

CWE-333

Trust: 1.0

sources: NVD: CVE-2025-62626

PATCH

title:

Patch for AMD CPU entropy handling vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/777091

Trust: 0.6

sources: CNVD: CNVD-2025-29745

EXTERNAL IDS

db:	NVD	id:	CVE-2025-62626	Trust: 1.6
db:	CNVD	id:	CNVD-2025-29745	Trust: 0.6

sources: CNVD: CNVD-2025-29745 // NVD: CVE-2025-62626

REFERENCES

url:	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-62626	Trust: 0.6

sources: CNVD: CNVD-2025-29745 // NVD: CVE-2025-62626

SOURCES

db:	CNVD	id:	CNVD-2025-29745
db:	NVD	id:	CVE-2025-62626

LAST UPDATE DATE

2025-12-19T22:50:29.181000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-29745	date:	2025-12-03T00:00:00
db:	NVD	id:	CVE-2025-62626	date:	2025-11-25T22:16:42.557

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-29745	date:	2025-12-03T00:00:00
db:	NVD	id:	CVE-2025-62626	date:	2025-11-21T19:16:02.633