
In mid-October, a Meta engineer publicly reported, on the Linux kernel mailing list, an anomaly in the RDSEED instruction on AMD's Zen 5 architecture CPUs. This week, AMD published a security bulletin (AMD-SB-7055) confirming the issue and stating that it will be fixed via a microcode update.
According to the bulletin, affected processors may return a value of 0 when executing the 16-bit and 32-bit forms of the RDSEED instruction while still signaling success (carry flag CF=1), so software that trusts the flag uses 0 as if it were a random value. The flaw is rated "high severity" and potentially threatens system confidentiality and data integrity. Notably, the 64-bit form of the RDSEED instruction is unaffected.
Until the fix is released, AMD recommends that developers take temporary measures: prefer the 64-bit form of the instruction, or work around the issue by disabling or modifying the code that calls it. Furthermore, the fact that the issue was first disclosed through public channels, rather than through AMD's coordinated vulnerability process, has sparked industry discussion about response mechanisms.
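One way to apply these interim measures in C, as an added example that is not AMD's or the Linux kernel's code: every seed is drawn from the 64-bit form and narrowed in software, and, as an assumption of this example, a reported success with value 0 is treated as a failure and retried. The names `seed32`, `hw_rdseed64` and the `sim_*` sources are hypothetical, and the simulated sources are constructed to model the symptom.

```c
#include <stdint.h>

/* A seed source stores 64 bits in *out and returns the success flag
   (CF after RDSEED): 1 = value reported valid, 0 = retry later. */
typedef int (*seed64_fn)(uint64_t *out);

/* Hardware source: only the 64-bit form, which the bulletin lists as
   unaffected. Assumes the caller already confirmed RDSEED support via CPUID. */
int hw_rdseed64(uint64_t *out)
{
#if defined(__x86_64__)
    unsigned char cf;
    __asm__ volatile("rdseed %0\n\tsetc %1" : "=r"(*out), "=qm"(cf) : : "cc");
    return cf;
#else
    (void)out;
    return 0; /* no RDSEED on this architecture: always report failure */
#endif
}

/* Constructed sources modelling the symptom: success flag set, value 0. */
static unsigned sim_calls;
int sim_faulty(uint64_t *out)   { *out = 0; return 1; }
int sim_recovers(uint64_t *out)
{
    *out = (++sim_calls < 3) ? 0 : 0x123456789abcdef0ULL;
    return 1;
}

/* Return 1 and a 32-bit seed in *out, or 0 after `tries` failed attempts.
   Assumption of this example: "success" with an all-zero value is rejected
   like CF=0. A genuine 64-bit zero has probability 2^-64, so rejecting it
   costs nothing. *out is left untouched on failure. */
int seed32(seed64_fn src, unsigned tries, uint32_t *out)
{
    while (tries--) {
        uint64_t v = 0;
        if (src(&v) && v != 0) {
            *out = (uint32_t)v; /* narrow in software, not in the instruction */
            return 1;
        }
    }
    return 0; /* caller must fall back to another entropy source */
}
```

On real hardware the call is `seed32(hw_rdseed64, tries, &seed)`; a return of 0 means no seed was obtained and the caller should use a different entropy source rather than proceed.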
Regarding the remediation plan, AMD will release the AGESA firmware update for the EPYC 9005 series on November 14th, and the Family 1Ah microcode in the Linux firmware repository has also been patched. By the end of November, the Ryzen 9000 series and AI 300 series will receive the update, while the EPYC Embedded series will have to wait until January 2026. This incident once again highlights the potential risks of hardware security vulnerabilities, and AMD's remediation progress and user response strategies deserve continued attention.