AMD has confirmed the existence of RDSEED failure on CPUs based on its latest Zen 5 architecture, a critical security vulnerability in its hardware-based random number generator. The company has confirmed the fault could lead to the random number generator putting out keys that aren’t fully unpredictable, opening up a vulnerability to users.
AMD is labeling the fault “AMD-SB-7055” and classifying it as a high-severity issue. Mitigations for the issues are rolling out now through January 2026, depending on the CPU mode. For instance, AMD has already rolled out mitigations of the issue for EPYC 9005 CPUs. Mitigations for AMD’s consumer-based Zen 5 chips, including the Ryzen 9000 series, AI Max 300 series, Threadripper 9000 series, and Ryzen Z2 series, are coming out on November 25th.
The failure specifically involves the RDSEED instruction on Zen 5 chips returning “0” in a non-randomized manner and signaling the failure incorrectly as a success. The 16-bit and 32-bit formats of the RDSEED instruction are affected, while the 64-bit version is reportedly not affected by the issue for reasons AMD did not specify.
This is a critical issue for cryptography applications that rely on RDSEED’s random number generation capabilities to provide fully unpredictable cryptography keys. If RDSEED fails, applications using it are at risk of attacks if the failure leads to a character pattern that is predictable.
RDSEED is one of two random key generation systems available on modern CPUs (including Intel chips). RDSEED is a true random-number generator and generates numbers by collecting entropy from the environment and storing a random bit pattern into a CPU register. RDRAND is faster but provides a random pattern from a deterministic random-number generator instead, which can be more predictable.
The issue was first discovered by a Meta engineer, who announced the issue on the Linux kernel mailing list (Phoronix reported in mid-October). The issue was not only the same as what AMD confirmed above, but was reliably reproducible by hammering RDSEED with one CPU thread and another thread “collectively eating and hammering on ~90% of memory…” A few days later, an updated Linux patch was posted that would disable RDSEED on all Zen 5 chips to stop the security vulnerability.
This isn’t the first time RDSEED has proven problematic on Zen-based processors. Cyan Skillfish, AMD’s Zen 2-based APUs, also suffered from a similar (but different) RDSEED failure that also forced the Linux community to disable RDSEED functionality on those chips.
Stay On the Cutting Edge: Get the Tom’s Hardware Newsletter
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
Thankfully, AMD will have AGESA microcode updates out soon to rectify this issue across all Zen 5 CPUs. In the meantime (for chips that don’t have the mitigation yet), AMD recommends its users switch to its unaffected 64-bit form of RDSEED or switch to a software fallback.
Per fornire le migliori esperienze, utilizziamo tecnologie come i cookie per memorizzare e/o accedere alle informazioni del dispositivo. Il consenso a queste tecnologie ci permetterà di elaborare dati come il comportamento di navigazione o ID unici su questo sito. Non acconsentire o ritirare il consenso può influire negativamente su alcune caratteristiche e funzioni.
Funzionale
Always active
L'archiviazione tecnica o l'accesso sono strettamente necessari al fine legittimo di consentire l'uso di un servizio specifico esplicitamente richiesto dall'abbonato o dall'utente, o al solo scopo di effettuare la trasmissione di una comunicazione su una rete di comunicazione elettronica.
Preferenze
L'archiviazione tecnica o l'accesso sono necessari per lo scopo legittimo di memorizzare le preferenze che non sono richieste dall'abbonato o dall'utente.
Statistiche
L'archiviazione tecnica o l'accesso che viene utilizzato esclusivamente per scopi statistici.L'archiviazione tecnica o l'accesso che viene utilizzato esclusivamente per scopi statistici anonimi. Senza un mandato di comparizione, una conformità volontaria da parte del vostro Fornitore di Servizi Internet, o ulteriori registrazioni da parte di terzi, le informazioni memorizzate o recuperate per questo scopo da sole non possono di solito essere utilizzate per l'identificazione.
Marketing
L'archiviazione tecnica o l'accesso sono necessari per creare profili di utenti per inviare pubblicità, o per tracciare l'utente su un sito web o su diversi siti web per scopi di marketing simili.
Leave a Reply