Critical vulnerability in AMD Zen 5 CPUs could make encryption keys predictable

AMD is rolling out patches for some affected CPUs

TechSpot


What we know so far: AMD has revealed that its Zen 5 processors are affected by a critical security vulnerability that compromises the reliability of their hardware-based random number generator, potentially resulting in the creation of predictable encryption keys. The company has begun rolling out mitigations for the affected CPUs, with the process expected to be completed by January 2026.

Cataloged as AMD-SB-7055 and tracked as CVE-2025-62626, the vulnerability in the RDSEED instruction is classified as High Severity because it could allow local attackers to manipulate the values returned by RDSEED, forcing it to generate zero in a non-randomized manner. This flaw can lead to a loss of both confidentiality and integrity.

The bug also prevents systems from verifying the randomness of the generated numbers and may incorrectly signal failures as successes – a catastrophic lapse in cryptographic security that could result in supposedly random keys containing predictable zero values. AMD noted that only the 16-bit and 32-bit forms of the RDSEED instruction are affected, while the 64-bit variant remains unaffected.

The RDSEED issue was discovered by a Meta engineer in mid-October, after which an updated kernel patch was released via the Linux Kernel Mailing List, disabling RDSEED on all Linux systems running on Zen 5 processors. AMD stated that the security flaw was not formally reported through its Coordinated Vulnerability Disclosure (CVD) process.

AMD has already released microcode updates to address the flaw in its Epyc 9005 "Turin" processors, while patches for consumer-grade Zen 5 chips – including the Ryzen 9000 series, Ryzen AI Max 300 series, Threadripper 9000 series, and Ryzen Z2 series – are expected later this month. Security fixes for embedded Zen 5 chips are slated to roll out to OEM partners in January 2026.

To mitigate the issue until official updates are available, AMD recommends three workarounds.


First, users should switch to the 64-bit form of RDSEED, which is not affected by the vulnerability. Alternatively, they can disable the RDSEED capability in the operating system and software by using the clearcpuid=rdseed boot parameter or the equivalent QEMU command-line options.

Finally, users should treat all "zero" values returned by RDSEED as failures and retry the instruction until a non-zero value is generated.
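The third workaround (retry on zero) is the one that ends up in application code, so here is an added example of how that policy looks in C. It is not code from AMD, the Linux kernel, or TechSpot; the function names (rdseed32_safe, scripted_rdseed32, hw_rdseed32, cpu_has_rdseed) are my own, and the hardware path assumes GCC or Clang on x86 with the standard cpuid.h and immintrin.h headers. The retry logic is written against a pluggable seed source so it can be exercised offline with a constructed, scripted source that never touches the CPU.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A 32-bit seed source: returns true when the hardware reported success
   (carry flag set) and stores the value in *out; false when not ready. */
typedef bool (*seed32_fn)(uint32_t *out);

/* Retry policy matching AMD's third workaround for CVE-2025-62626:
   a zero returned by the 16/32-bit RDSEED forms is treated as a failure
   even when the carry flag says success. Returns 0 with a non-zero seed
   in *out, or -1 when max_tries attempts yielded nothing trustworthy. */
int rdseed32_safe(seed32_fn source, uint32_t *out, unsigned max_tries)
{
    for (unsigned i = 0; i < max_tries; i++) {
        uint32_t v = 0;
        if (!source(&v))
            continue;            /* CF=0: DRBG not ready, try again */
        if (v == 0)
            continue;            /* CF=1 but zero: untrusted on Zen 5 */
        *out = v;
        return 0;
    }
    return -1;                   /* caller must fall back or fail closed */
}

/* Constructed test double (no hardware involved): replays a scripted
   sequence of (carry, value) results so the policy can be run offline. */
typedef struct { bool carry; uint32_t value; } seed_step;

static const seed_step *g_script;
static size_t g_script_len, g_script_pos;

void script_set(const seed_step *steps, size_t n)
{
    g_script = steps;
    g_script_len = n;
    g_script_pos = 0;
}

bool scripted_rdseed32(uint32_t *out)
{
    if (g_script_pos >= g_script_len)
        return false;            /* script exhausted: behave as "not ready" */
    const seed_step *s = &g_script[g_script_pos++];
    *out = s->value;
    return s->carry;
}

/* Real hardware source, only with GCC/Clang on x86. The CPUID check
   (leaf 7, EBX bit 18) avoids executing RDSEED where it is unsupported. */
#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
#include <cpuid.h>
#include <immintrin.h>

bool cpu_has_rdseed(void)
{
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return false;
    return (ebx >> 18) & 1u;
}

__attribute__((target("rdseed")))
bool hw_rdseed32(uint32_t *out)
{
    unsigned int v = 0;
    int ok = _rdseed32_step(&v);   /* returns 1 when CF=1 */
    *out = v;
    return ok == 1;
}
#endif

int main(void)
{
    /* Constructed sequence: not ready, then a suspicious zero, then a value. */
    const seed_step steps[] = { {false, 0}, {true, 0}, {true, 0x5a3c9e1fu} };
    script_set(steps, sizeof steps / sizeof steps[0]);
    uint32_t seed = 0;
    if (rdseed32_safe(scripted_rdseed32, &seed, 8) == 0)
        printf("scripted source accepted 0x%08x after skipping CF=0 and zero\n", seed);

#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
    if (cpu_has_rdseed() && rdseed32_safe(hw_rdseed32, &seed, 16) == 0)
        printf("hardware RDSEED produced a non-zero 32-bit seed\n");
    else
        printf("hardware RDSEED unavailable or gave no usable value\n");
#endif
    return 0;
}
```

Two design points worth noting: the bound on retries matters, because a source that keeps returning zero (or CF=0) must make the caller fail closed rather than spin or silently accept a weak seed; and on x86_64 the same wrapper pattern with _rdseed64_step implements AMD's first workaround, since the article states the 64-bit form is unaffected.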

This is not the first time AMD's Zen-based CPUs have encountered an RDSEED-related flaw. In 2021, the Zen 2-based "Cyan Skillfish" APUs were affected by a critical bug that caused RDSEED to always return 0xffffffff instead of random numbers, while the RDRAND instruction continued to function correctly. As a temporary workaround, the Linux community issued a kernel update that disabled RDSEED on affected Cyan Skillfish chips.