According to ZDNet, AMD has confirmed a critical bug affecting its new Zen 5 processors that compromises the chip’s pseudorandom number generator. Meta engineer Gregory Price discovered the RDSEED issue, which causes the processor to return a zero value about 10% of the time while incorrectly reporting success. The bug specifically impacts the 16-bit and 32-bit versions of RDSEED across multiple processor lines. AMD is rolling out fixes via AGESA and microcode updates, with EPYC 9005 Series patches already available and other processors scheduled to receive updates between now and January 2025. This security vulnerability could seriously affect cryptographic operations that rely on truly random numbers.
Sponsored content — provided for informational and promotional purposes.
What this bug actually means
So here’s the thing about random number generators – they’re way more important than most people realize. Basically, RDSEED is like the processor’s built-in dice roller for security purposes. It collects environmental noise from things like thermal fluctuations and voltage variations to create numbers that should be completely unpredictable. But with this bug, about 10% of the time, it’s essentially rolling a zero and saying “yep, totally random!” without any indication something went wrong.
Think about what happens when you’re generating encryption keys or security tokens. If there’s a 10% chance your “random” number is actually zero, that creates massive predictability. And predictability is the absolute enemy of security. It’s like having a lock where one out of ten times, the key is just “0000” – not exactly secure.
Why this keeps happening
Now, this isn’t AMD’s first rodeo with processor bugs. Remember Spectre and Meltdown? Or more recently, the DIVIDE bug that affected Zen 1 through Zen 4? It seems like every generation has its own special set of issues. But here’s what’s interesting – modern processors are so incredibly complex that testing every possible edge case is basically impossible.
We’re talking about billions of transistors operating at nanosecond scales. How do you possibly test every combination of instructions, timing, and environmental conditions? You can’t. That’s why bugs like this often get discovered in production by engineers like Gregory Price, who was just doing his job and stumbled across something weird.
The silver lining
Fortunately, there are a few things working in everyone’s favor here. First, the 64-bit version of RDSEED isn’t affected, so there’s an immediate workaround. Second, AMD is being pretty transparent about the fix timeline. They’ve already got patches out for EPYC servers and plan to have everything covered by January.
But here’s a question worth asking – should we be relying so heavily on hardware random number generators in the first place? Many security experts recommend mixing multiple sources of entropy rather than trusting any single method. Maybe this bug will push more developers toward hybrid approaches that combine hardware and software randomness.
The patches are coming through AMD’s security bulletin system, and the technical details are available in the original kernel mailing list post and related commit. It’s definitely a serious issue, but at least it’s being handled with reasonable speed and transparency.
