Name of the Vulnerable Software and Affected Versions
AMD processors (affected versions not specified)
Description
A flaw exists in the RDSEED instruction, which is used for hardware-level random number generation, on Zen 5 CPUs. The flaw can cause the 16-bit and 32-bit forms of RDSEED to return predictable values, potentially compromising the security of users whose software relies on them. The issue was discovered by a Meta engineer and can be reliably reproduced by creating a high memory load while simultaneously requesting random numbers from RDSEED. Under these conditions the random number generator outputs zeros while still reporting success. The vulnerability is tracked as AMD-SB-7055. A patch has been released for EPYC 9005 processors, and updates are planned for Ryzen 9000, AI Max 300, Threadripper 9000, and Ryzen Z2 processors on November 25th. The Linux kernel team has also released a patch to disable RDSEED on all Zen 5 chips.
Recommendations
For EPYC 9005 processors, apply the released firmware update.
For Ryzen 9000, AI Max 300, Threadripper 9000, and Ryzen Z2 processors, apply the updates scheduled for release on November 25th.
Until microcode/AGESA updates are available, switch to the 64-bit version of RDSEED, which functions correctly.
As a temporary workaround, disable RDSEED on Zen 5 chips by applying the Linux kernel patch.
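The following is an added example (not AMD's or the Linux kernel's code) of the 64-bit workaround recommended above: narrow seeds are cut from a 64-bit RDSEED read, and a zero reported as success is rejected. The helper names, the retry count and the two `fake_*` sources are constructed for illustration, and GCC/Clang inline assembly on x86-64 is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__)
#include <cpuid.h>
#endif

/* A seed source returns 1 and fills *out on success, 0 on failure. */
typedef int (*seed64_fn)(uint64_t *out);

/* Hardware source: issues only the 64-bit form of RDSEED. */
static int rdseed64_hw(uint64_t *out) {
#if defined(__x86_64__)
    unsigned int a, b, c, d;
    unsigned char ok;
    /* CPUID.(EAX=7,ECX=0):EBX bit 18 advertises RDSEED. */
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d) || !(b & (1u << 18)))
        return 0;
    /* A 64-bit register operand selects the 64-bit encoding; CF=1 means success. */
    __asm__ volatile("rdseed %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
#else
    (void)out;
    return 0; /* not x86-64: no RDSEED */
#endif
}

/* Constructed stand-ins: the zero-with-success failure mode, and a healthy source. */
static int fake_zero_success(uint64_t *out) { *out = 0; return 1; }
static int fake_good(uint64_t *out) { *out = 0x1122334455667788ULL; return 1; }

/* Bounded retry. A zero reported as success is treated as a failure
   (added defensive choice: a genuine 64-bit zero has probability 2^-64). */
static int get_seed64(seed64_fn src, uint64_t *out, int retries) {
    for (int i = 0; i < retries; i++) {
        uint64_t v = 0;
        if (src(&v) && v != 0) { *out = v; return 1; }
    }
    return 0; /* caller falls back to another entropy source */
}

/* Narrow seeds are cut from a 64-bit read, never requested directly. */
static int get_seed32(seed64_fn src, uint32_t *out, int retries) {
    uint64_t v;
    if (!get_seed64(src, &v, retries)) return 0;
    *out = (uint32_t)(v >> 32);
    return 1;
}

int main(void) {
    uint64_t v; uint32_t s;
    printf("simulated zero-on-success accepted: %d\n", get_seed64(fake_zero_success, &v, 10));
    printf("simulated healthy source accepted: %d\n", get_seed32(fake_good, &s, 3));
    printf("hardware 64-bit path usable: %d\n", get_seed32(rdseed64_hw, &s, 10));
    return 0;
}
```

When `get_seed64` returns 0, the caller should draw from a different entropy source rather than proceed with the untouched output buffer.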