AMD has confirmed a high-severity vulnerability within the RDSEED instruction of its latest Zen 5 architecture CPUs, which compromises the hardware random number generator. This flaw can cause the generator to produce predictable cryptographic keys, posing a significant security risk to systems that depend on it. The issue, officially identified as "AMD-SB-7055," affects the 16-bit and 32-bit versions of the RDSEED command, though the 64-bit variant remains functional.
The company has initiated a rolling mitigation plan, with fixes for EPYC 9005 server processors already available. Updates for consumer models, including the Ryzen 9000 and Threadripper 9000 series, are scheduled for a late November release, with the full rollout expected to continue into early 2026. The flaw was first publicly detailed by a Meta engineer, whose testing showed it could be reliably triggered under specific system load conditions.
In response, Linux kernel developers have already implemented a temporary patch that disables the vulnerable instruction on Zen 5 processors. This is not the first such issue for AMD, as a previous generation of APUs also experienced a similar RDSEED failure. Until the microcode updates are widely deployed, AMD recommends using the unaffected 64-bit RDSEED or a software-based random number generator as a fallback to maintain system security.
Read more...