AMD "Zen 5" RDSEED Flaw Poses Risk to Cryptographic Key Generation

AMD Identifies Hardware Flaw in RDSEED Instruction on Zen 5 Processors

AMD has officially disclosed a hardware vulnerability affecting the RDSEED instruction on its latest Zen 5 CPUs. Cataloged as AMD-SB-7055 and tracked under CVE-2025-62626, this issue impacts the 16-bit and 32-bit variants of the RDSEED instruction, which are critical for generating entropy in cryptographic operations. The flaw allows these forms to return zero values, potentially leading software to mistakenly accept them as valid entropy sources. Notably, the 64-bit RDSEED instruction remains unaffected.

Security Implications and Severity

RDSEED is a fundamental instruction used to supply entropy for cryptographic keys, nonces, and other security-sensitive operations. If the instruction returns predictable or zero values without detection, it can undermine the strength of cryptographic keys, making systems more vulnerable to attacks. AMD has classified this vulnerability as high severity due to the potential impact on cryptographic security.

Recommended Workarounds and Updates

To mitigate the risk until permanent fixes are available, AMD recommends several short-term software workarounds:

Prioritize the use of the 64-bit RDSEED instruction wherever possible.
Mask the affected RDSEED forms from software discovery to prevent their use.
Treat any zero return value from RDSEED as a failure and retry the operation.

AMD is actively distributing firmware and microcode updates to OEM partners. These updates are designed to address the defect at the hardware level. For example, the AGESA TurinPI 1.0.0.8 update for EPYC 9005 processors is scheduled for release on November 14, 2025, with updates for consumer processor families expected later in November 2025.

Action Steps for Users and Administrators

Users and IT administrators are strongly advised to install vendor-supplied BIOS and microcode updates as soon as they become available. Additionally, any sensitive cryptographic keys or credentials generated on systems prior to patching should be regenerated to ensure their integrity and security.

Summary

The hardware defect in the RDSEED instruction on AMD Zen 5 processors highlights the importance of robust entropy sources in cryptographic operations. By following AMD’s recommended workarounds and applying firmware updates promptly, users can mitigate the risk and maintain the security of their systems.

Maya Stein Maya is a tech journalist who specializes in PC hardware and semiconductor industry trends. When she’s not writing, she’s building custom PCs and testing the latest peripherals.