AMD’s Zen 5 chips have a serious random number bug

According to ZDNet, Meta engineer Gregory Price discovered a critical RDSEED bug affecting AMD’s Zen 5 processors that compromises their pseudorandom number generation. The bug causes the chips to return a value of zero with a success flag about 10% of the time when generating random numbers, making them dangerously predictable. This affects the 16-bit and 32-bit versions of RDSEED across multiple processor lines including Ryzen AI 300 series, Ryzen 9000 series, and EPYC 9005 series. AMD has confirmed the issue and is pushing fixes through AGESA and microcode updates, with the EPYC 9005 patch already rolling out and other processors scheduled to receive updates between now and January 2025. The 64-bit version of RDSEED remains unaffected and can serve as an interim workaround.

Why this matters for security

Here’s the thing about random numbers – they’re supposed to be, well, random. When your processor can’t generate proper randomness, everything from encryption keys to secure sessions becomes vulnerable. It’s like having a lock that occasionally uses the same key pattern. And when we’re talking about a 10% failure rate? That’s not some edge case – that’s roughly one in ten calls to the affected instruction handing back a predictable value.

What makes this particularly nasty is that the system reports these zeros as successful operations. So applications think they’re getting good random data when they’re actually getting predictable garbage. Basically, it’s the worst kind of bug – one that fails silently while creating security holes. Remember when we all learned not to trust random number generators in programming? This is why.

Who needs to worry about this

If you’re running any of AMD’s latest Zen 5 processors – whether in your gaming rig, workstation, or data center – this affects you. The affected processor families include pretty much everything using the new architecture. Enterprise users running EPYC servers should be particularly concerned, since those systems often handle sensitive cryptographic operations.

But here’s some good news: most everyday users probably won’t notice immediate effects. The bug requires specific conditions to be triggered, and many applications have fallback mechanisms. Still, why take the chance when predictable randomness can undermine your entire security model?

The fix timeline and workarounds

AMD’s response has been relatively swift, which is encouraging. The company is distributing fixes through the usual channels – BIOS updates containing new AGESA firmware and microcode patches. The EPYC 9005 series already has patches rolling out, which makes sense given these are enterprise chips where security is paramount.

For other Zen 5 processors, we’re looking at updates through the end of the year into January. Meanwhile, developers can implement the workaround of using the 64-bit RDSEED instruction instead of the affected 16-bit and 32-bit versions. The Linux kernel patches and other system updates are already addressing this at the software level too.
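The workaround and the failure mode described above, as an added C example (not code from AMD, the Linux kernel or the original article): narrow seeds are taken from the 64-bit RDSEED form only, and a "success" that returns zero is rejected and retried. The names `hw_rdseed64`, `sim_faulty`, `seed64_checked` and `seed32_checked` are hypothetical, and `sim_faulty` is a constructed stand-in for a misbehaving source so the logic runs on any machine.

```c
#include <stdint.h>
#include <stdio.h>

/* Same contract as RDSEED: return 1 (CF=1) and fill *out on success, else 0. */
typedef int (*seed64_fn)(uint64_t *out);

#if defined(__x86_64__) && defined(__GNUC__)
/* 64-bit RDSEED, the form the article reports as unaffected. The caller must
   confirm RDSEED support via CPUID (leaf 7, EBX bit 18) before calling. */
int hw_rdseed64(uint64_t *out) {
    unsigned char ok;
    __asm__ volatile("rdseed %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif

/* Constructed stand-in for a faulty source: reports success with 0 for the
   first sim_bad_calls draws, then returns a fixed sample value. */
static int sim_bad_calls;
int sim_faulty(uint64_t *out) {
    *out = (sim_bad_calls-- > 0) ? 0 : 0x9e3779b97f4a7c15ULL;
    return 1;
}

/* Retry on CF=0 and treat "success with 0" as a failure; a genuine 64-bit
   zero has probability 2^-64. Returns 0 when the caller must fall back. */
int seed64_checked(seed64_fn src, uint64_t *out, int max_tries) {
    for (int i = 0; i < max_tries; i++) {
        uint64_t v = 0;
        if (src(&v) && v != 0) { *out = v; return 1; }
    }
    return 0;
}

/* Narrow seeds are cut from a checked 64-bit draw, never from 16/32-bit RDSEED. */
int seed32_checked(seed64_fn src, uint32_t *out, int max_tries) {
    uint64_t v;
    if (!seed64_checked(src, &v, max_tries)) return 0;
    *out = (uint32_t)(v >> 32);
    return 1;
}

int main(void) {
    uint32_t s = 0;
    sim_bad_calls = 3;   /* three silent zero "successes" in a row */
    int ok = seed32_checked(sim_faulty, &s, 8);
    printf("ok=%d seed32=0x%08x\n", ok, (unsigned)s);
    return 0;
}
```

On real hardware, pass `hw_rdseed64` as the source; a return of 0 from the checked wrappers means the caller should draw from the operating system's entropy interface instead.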

Not AMD’s first rodeo with CPU bugs

This isn’t the first time AMD has faced processor-level security issues, and it certainly won’t be the last. Remember Spectre and Meltdown? Those affected pretty much everyone. The difference here is that this appears to be an implementation bug rather than a fundamental architectural flaw.

What’s interesting is how this was discovered – not through AMD’s internal testing, but by a Meta engineer digging into kernel behavior. Makes you wonder how many other subtle bugs are lurking in modern processors, just waiting for someone to stumble across them. The good news is that the security research community is more active than ever, and companies are generally responding faster when issues are found.

So should you panic? Probably not. But should you make sure your systems get updated when patches become available? Absolutely.
