Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label cryptography risk. Show all posts
Vulnerabilties and Expolits
AGESA update AMD Zen 5 CPU random number generator cryptography risk Linux patch RDSEED failure Vulnerabilties and Expolits

AMD Confirms High-Severity RDSEED Vulnerability in Zen 5 CPUs, Mitigations Rolling Out Through Early 2026

 

AMD has officially acknowledged a critical flaw in the RDSEED instruction found in CPUs built on its new Zen 5 architecture, identifying it as a major security risk within the hardware random number generator. According to the company, this malfunction can cause the generator to produce keys that are not fully unpredictable, potentially exposing users to security threats.

The issue, labeled "AMD-SB-7055", has been categorized as high severity. AMD has begun releasing fixes, with the complete rollout expected to continue through January 2026 depending on CPU type. The company says mitigations are already in place for EPYC 9005 processors, while updates for consumer-focused Zen 5 models—such as the Ryzen 9000 series, AI Max 300 series, Threadripper 9000 series, and Ryzen Z2 lineup—are scheduled for November 25.

At the core of the problem is the RDSEED instruction returning "0" in a predictable way while incorrectly reporting successful operation. The flaw affects the 16-bit and 32-bit versions of RDSEED, though the 64-bit variant is said to be unaffected, with AMD not elaborating on the reason. This behavior poses a significant danger to cryptographic systems that rely on RDSEED for generating truly unpredictable keys. If the instruction fails silently, it could result in predictable patterns that attackers may exploit.

RDSEED is one of two random key–generation mechanisms commonly available in modern processors. It collects environmental entropy to produce true random values, while RDRAND—though faster—relies on a deterministic method that can be more predictable.

The vulnerability was initially identified by a Meta engineer, who described the issue on the Linux kernel mailing list (first covered by Phoronix in mid-October). Their tests showed the problem could be consistently triggered by stressing RDSEED on one CPU thread while another consumed around 90% of system memory. Soon after, Linux developers submitted a patch disabling RDSEED across all Zen 5 processors to prevent exploitation.

This is not the first RDSEED-related issue to surface on AMD hardware. Previous Zen 2-based APUs, known as Cyan Skillfish, encountered a different but similarly impactful RDSEED failure that also led to the Linux community disabling the instruction.

AMD states that AGESA microcode updates will soon address the vulnerability across all Zen 5 systems. Until those updates arrive, the company advises users to rely on the unaffected 64-bit RDSEED format or use a software-based fallback.
Read more »
Subscribe to: Comments (Atom)