Security researchers have uncovered an unsettling quirk in AMD’s latest Zen 5 architecture that threatens the very foundation of cryptographic security: true randomness. In a recent security advisory, AMD acknowledged a hardware-level flaw that could turn one of computing’s most critical safety mechanisms into a potential vulnerability.
The heart of the problem: A broken RNG
At the center of this security concern lies RDSEED, a specialized x86-64 instruction that serves as a hardware-based random number generator built directly into AMD processors. Think of it as a digital dice roller that’s supposed to produce unpredictable numbers for creating encryption keys and securing sensitive systems. The problem? Sometimes this die lands on zero when it shouldn’t.
The bug specifically affects the 16-bit and 32-bit versions of the RDSEED instruction. Instead of generating a genuinely random number, these variants can occasionally spit out a zero and—here’s the really troubling part—flag the operation as successful. This means security systems relying on this function might accept zero as a valid random number without realizing anything went wrong.

Why this matters more than you’d think
Imagine trying to create an unbreakable lock, but your key-making machine occasionally produces blank keys instead of unique ones. That’s essentially what’s happening here. Malicious software could potentially exploit these moments when the system produces a known, predictable value (zero) instead of a truly random one. In the world of cryptography, predictability is the enemy, and a known value like zero is about as predictable as it gets.
The silver lining? The 64-bit version of the RDSEED instruction works perfectly fine. This means the vulnerability only rears its head in systems specifically using the 32-bit or 16-bit variants of the instruction.
AMD’s response: Patches on the horizon
AMD isn’t sitting idle on this issue. The company has already begun developing updated firmware and microcode to eliminate the problem at its source. For those running Zen 5-based systems, here’s what the rollout timeline looks like.
Server solutions coming first
For enterprise users running AMD EPYC 9005 Series processors, relief arrives on November 14th with the AGESA TurinPI 1.0.0.8 firmware update. A microcode patch that serves as a temporary fix actually dropped just last week, giving data centers an immediate mitigation option. The EPYC EMBEDDED 9005 Series will receive the same treatment on November 14th, though users of the EPYC EMBEDDED 4005 and Ryzen Embedded 9000 Series will need to wait until January 2026.
Consumer processors get their turn
Desktop and mobile users won’t have to wait much longer. AMD plans to release firmware updates on November 25th for an extensive lineup of consumer processors, including:
- Ryzen 9000 Series Desktop processors
- Ryzen 9000HX Series for high-performance laptops
- Ryzen AI 300 Series
- Ryzen AI Z2 Series Extreme
- Ryzen AI Max 300 Series
- Threadripper 9000 workstation processors
- Threadripper PRO 9000 WX-Series
- Ryzen Z2 Series Extreme
What to do while waiting for the fix
AMD has issued practical guidance for developers and system administrators who can’t wait for the official patches. The simplest solution? Use the 64-bit version of the RDSEED instruction whenever possible, since it’s not affected by the bug.
For situations where switching to 64-bit isn’t feasible, developers should modify their applications to reject zero as a valid random number output. It’s not an elegant solution, but it effectively closes the security gap. System administrators also have the option to disable the RDSEED instruction entirely if their security requirements demand it, though this is obviously a more drastic measure.
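The two mitigations above, sketched in C as an added example (not AMD's code and not part of the original article): a wrapper that treats a zero reported as successful as a failure and retries within a bound, and a source that draws with the 64-bit form and truncates. The function names, the retry budget of 32 and the simulated sources are assumptions made for illustration; the hardware path is compiled only when the compiler enables RDSEED (for example with -mrdseed).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) && defined(__RDSEED__)
#include <immintrin.h>
#endif

/* A seed source returns true when it reports success (RDSEED sets CF=1). */
typedef bool (*seed32_fn)(uint32_t *out);
#define SEED_MAX_TRIES 32 /* assumed retry budget, not from the advisory */

/* Reject-zero mitigation: a "successful" zero counts as a failure.
 * A genuine zero is discarded too; for a uniform 32-bit value that is a
 * 1 in 2^32 event, so the cost is negligible. */
bool seed32_reject_zero(seed32_fn src, uint32_t *out)
{
    for (int i = 0; i < SEED_MAX_TRIES; i++) {
        uint32_t v = 0;
        if (src(&v) && v != 0) {
            *out = v;
            return true;
        }
    }
    return false; /* fail closed: caller must not fall back to a constant */
}

#if defined(__x86_64__) && defined(__RDSEED__)
/* 64-bit mitigation: use the unaffected 64-bit form, keep the low 32 bits. */
bool hw_seed32_via_64(uint32_t *out)
{
    unsigned long long v;
    if (!_rdseed64_step(&v)) return false;
    *out = (uint32_t)v;
    return true;
}
#endif

/* Constructed stand-ins for the faulty 16/32-bit behaviour, so this runs anywhere. */
static int sim_calls;
bool sim_buggy(uint32_t *out) { *out = (++sim_calls <= 2) ? 0u : 0xC0FFEE11u; return true; }
bool sim_stuck(uint32_t *out) { *out = 0u; return true; }

int main(void)
{
    uint32_t seed;
    if (!seed32_reject_zero(sim_buggy, &seed)) return 1;
    printf("seed after rejecting zeros: %08x\n", (unsigned)seed);
    return seed32_reject_zero(sim_stuck, &seed) ? 1 : 0; /* stuck source must fail */
}
```

On hardware, `hw_seed32_via_64` can be passed as the source to `seed32_reject_zero` so both mitigations apply together.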
The bigger picture
This incident serves as a reminder of how deeply hardware security affects modern computing. When a fundamental building block like random number generation becomes unreliable, it ripples through every layer of software that depends on it. The good news is that AMD caught and acknowledged the issue relatively quickly, and fixes are already in motion across their entire Zen 5 product line.
For users with affected processors, the key takeaway is straightforward: keep an eye out for BIOS updates from your motherboard manufacturer starting mid-to-late November, and install them as soon as they become available. Your system’s cryptographic security may literally depend on it.

