AMD confirms security vulnerability on Zen 5-based CPUs that generates potentially predictable keys — RDSEED fix coming through an AGESA firmware update for desktop chips
3 weeks ago
41
(Image credit: AMD)
AMD has confirmed the existence of RDSEED failure on CPUs based on its latest Zen 5 architecture, a critical security vulnerability in its hardware-based random number generator. The company has confirmed the fault could lead to the random number generator putting out keys that aren't fully unpredictable, opening up a vulnerability to users.
AMD is labeling the fault "AMD-SB-7055" and classifying it as a high-severity issue. Mitigations for the issues are rolling out now through January 2026, depending on the CPU mode. For instance, AMD has already rolled out mitigations of the issue for EPYC 9005 CPUs. Mitigations for AMD's consumer-based Zen 5 chips, including the Ryzen 9000 series, AI Max 300 series, Threadripper 9000 series, and Ryzen Z2 series, are coming out on November 25th.
The failure specifically involves the RDSEED instruction on Zen 5 chips returning "0" in a non-randomized manner and signaling the failure incorrectly as a success. The 16-bit and 32-bit formats of the RDSEED instruction are affected, while the 64-bit version is reportedly not affected by the issue for reasons AMD did not specify.
This is a critical issue for cryptography applications that rely on RDSEED's random number generation capabilities to provide fully unpredictable cryptography keys. If RDSEED fails, applications using it are at risk of attacks if the failure leads to a character pattern that is predictable.
RDSEED is one of two random key generation systems available on modern CPUs (including Intel chips). RDSEED is a true random-number generator and generates numbers by collecting entropy from the environment and storing a random bit pattern into a CPU register. RDRAND is faster but provides a random pattern from a deterministic random-number generator instead, which can be more predictable.
The issue was first discovered by a Meta engineer, who announced the issue on the Linux kernel mailing list (Phoronix reported in mid-October). The issue was not only the same as what AMD confirmed above, but was reliably reproducible by hammering RDSEED with one CPU thread and another thread "collectively eating and hammering on ~90% of memory..." A few days later, an updated Linux patch was posted that would disable RDSEED on all Zen 5 chips to stop the security vulnerability.
This isn't the first time RDSEED has proven problematic on Zen-based processors. Cyan Skillfish, AMD's Zen 2-based APUs, also suffered from a similar (but different) RDSEED failure that also forced the Linux community to disable RDSEED functionality on those chips.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Thankfully, AMD will have AGESA microcode updates out soon to rectify this issue across all Zen 5 CPUs. In the meantime (for chips that don't have the mitigation yet), AMD recommends its users switch to its unaffected 64-bit form of RDSEED or switch to a software fallback.
AMD confirms security vulnerability on Zen 5-based CPUs that generates potentially predictable keys — RDSEED fix coming through an AGESA firmware update for desktop chips
3 weeks ago
41
English (US) ·