
"The flaw, tracked as CVE-2025-62626 (7.2), affects Zen 5 chips running on 16-bit and 32-bit architectures. The bug involves RDSEED, a function that generates high-quality random numbers used by security keys. RDSEED provides the true entropy that's required by apps generating high-strength cryptographic keys. An attacker with local privileges could manipulate the values returned by RDSEED, which in some cases return 0 instead of a random number, and treat it as an acceptable output."
"However, given the local access requirement an attacker would already have significant system control. AMD said that, while it works on a microcode patch behind the scenes, those using affected chips have a few workarounds to choose from. They can opt to use the 64-bit version of RDSEED where available, which is not affected by CVE-2025-62626. Users can also prevent applications from discovering the RDSEED function, either by adding clearcpuid=rdseed to the boot command line."
Zen 5 processors running 16-bit and 32-bit code are affected by CVE-2025-62626, a high-severity flaw in the RDSEED instruction that can return zero instead of true random values. RDSEED supplies entropy used to produce high-strength cryptographic keys, and manipulated outputs could weaken keys and enable decryption or credential access. Exploitation requires local privileges, meaning an attacker would already hold significant system control. AMD plans microcode updates and offers workarounds, including using the unaffected 64-bit RDSEED where available and hiding RDSEED via clearcpuid=rdseed at boot. Some Epyc 9005 fixes are released; other updates follow in coming months.
Read at The Register
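One way to confirm that the clearcpuid=rdseed workaround described above actually took effect on a Linux host. This is an added example, not code from the article or from AMD; it assumes the kernel exposes /proc/cpuinfo and /proc/cmdline, and the function name rdseed_status and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the state of the clearcpuid=rdseed workaround.
# rdseed_status [CPUINFO_FILE] [CMDLINE_FILE]   (defaults: the live /proc files)
#   hidden       clearcpuid lists rdseed and the flag is no longer advertised
#   not-applied  clearcpuid lists rdseed but the flag is still advertised
#   exposed      rdseed is advertised and no workaround is on the command line
#   absent       rdseed is not advertised and no workaround was requested
rdseed_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    cmdline=${2:-/proc/cmdline}

    # The flags line is a space-separated list; match rdseed as a whole word.
    if grep '^flags' "$cpuinfo" | head -n 1 | tr ' \t' '\n\n' | grep -qx rdseed; then
        advertised=yes
    else
        advertised=no
    fi

    # clearcpuid= takes a comma-separated list of features; scan each entry.
    requested=no
    for arg in $(cat "$cmdline"); do
        case $arg in
            clearcpuid=*)
                for feat in $(printf '%s' "${arg#clearcpuid=}" | tr ',' ' '); do
                    if [ "$feat" = rdseed ]; then requested=yes; fi
                done
                ;;
        esac
    done

    case "$requested:$advertised" in
        yes:no)  echo hidden ;;
        yes:yes) echo not-applied ;;
        no:yes)  echo exposed ;;
        no:no)   echo absent ;;
    esac
}

# Constructed sample input (not captured from a real machine).
sample=$(mktemp -d)
printf 'flags\t\t: fpu sse2 rdrand rdseed adx\n' > "$sample/cpuinfo"
printf 'root=/dev/sda1 ro clearcpuid=rdseed quiet\n' > "$sample/cmdline"
rdseed_status "$sample/cpuinfo" "$sample/cmdline"   # prints: not-applied
rm -rf "$sample"
```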