According to TheRegister.com, AMD is issuing microcode patches for a high-severity vulnerability tracked as CVE-2025-62626 affecting Zen 5 chips running on 16-bit and 32-bit architectures. The flaw specifically impacts the RDSEED instruction, which generates the high-quality random numbers essential for cryptographic security. An attacker with local privileges could manipulate RDSEED to return zeros instead of random numbers, potentially allowing decryption of data or access to credentials. AMD has workarounds available now, including using 64-bit RDSEED where possible, but full fixes for Ryzen and Epyc Embedded 9005 series won’t arrive until later this month. Updates for Epyc Embedded 4005 series and Ryzen Embedded 9000 series chips are delayed until January. The issue was first discovered by Gregory Price, a Linux kernel engineer at Meta, who alerted the Linux kernel mailing list back in October.
The real crypto risks
Here’s the thing about random number generator flaws – they’re basically the foundation of modern cryptography. When your RNG starts spitting out predictable values or zeros, everything built on top of it becomes suspect. We’re talking SSL/TLS certificates, SSH keys, cryptocurrency wallets, the whole security infrastructure. And the scary part? This isn’t some theoretical attack – applications might actually accept these bogus zero outputs as valid entropy.
But let’s be realistic about the actual risk here. The attacker needs local access, which means they’ve already compromised your system to some degree. Still, it’s concerning that once they’re in, they could potentially weaken cryptographic operations happening on that machine. For industrial systems and embedded applications where these Epyc and Ryzen chips are deployed, that’s a serious concern. When you’re dealing with critical infrastructure or manufacturing systems, reliable hardware security isn’t optional – it’s essential.
The patch timeline problem
Now we get to the really frustrating part – the patch rollout. AMD says some fixes are coming “later this month” while others won’t arrive until January. That’s a significant window where systems remain vulnerable. And let’s be honest – how many organizations are actually going to implement those command-line workarounds? Adding clearcpuid=rdseed to boot parameters isn’t exactly user-friendly.
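A way to check whether the clearcpuid=rdseed workaround mentioned above is actually in effect on a Linux host (an added example, not code from AMD, the kernel project or this article). The function names, status strings and sample files are hypothetical, and treating CPU family 26 as the Zen 5 marker is an assumption used only as a coarse filter.

```sh
#!/bin/sh
# Added example: report whether a Linux host still exposes RDSEED to the kernel.
# Paths default to the live system; pass saved copies to audit offline.

# True if cpuinfo shows an AMD family 26 (0x1A) CPU.
# Assumption: Zen 5 parts report this family; treat it as a coarse filter.
is_amd_family26() {
    grep -q '^vendor_id[[:space:]]*: AuthenticAMD' "$1" &&
        grep -Eq '^cpu family[[:space:]]*: 26$' "$1"
}

# True if the kernel still lists the rdseed feature flag.
kernel_exposes_rdseed() {
    grep -E '^flags[[:space:]]*:' "$1" | grep -qw rdseed
}

# True if the running kernel was booted with clearcpuid=...rdseed...
cmdline_clears_rdseed() {
    tr ' ' '\n' < "$1" | grep '^clearcpuid=' | sed 's/^clearcpuid=//' |
        tr ',' '\n' | grep -qx rdseed
}

# Prints one of: not-applicable, masked, workaround-ineffective, exposed.
rdseed_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    cmdline=${2:-/proc/cmdline}
    if ! is_amd_family26 "$cpuinfo"; then
        echo "not-applicable"
    elif ! kernel_exposes_rdseed "$cpuinfo"; then
        echo "masked"                  # flag hidden from the kernel's feature list
    elif cmdline_clears_rdseed "$cmdline"; then
        echo "workaround-ineffective"  # parameter present, flag still listed
    else
        echo "exposed"                 # no workaround in effect
    fi
}

# Constructed sample inputs (not captured from a real machine).
write_samples() {
    printf 'vendor_id\t: AuthenticAMD\ncpu family\t: 26\nflags\t\t: fpu rdrand rdseed adx\n' > "$1/cpu_exposed"
    printf 'vendor_id\t: AuthenticAMD\ncpu family\t: 26\nflags\t\t: fpu rdrand adx\n' > "$1/cpu_masked"
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$1/cmd_plain"
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro clearcpuid=rdseed\n' > "$1/cmd_cleared"
}

if [ "${1:-}" = "--live" ]; then rdseed_status; fi
```

Run it with --live on the host itself. clearcpuid changes what the kernel uses and what /proc/cpuinfo lists; a program that executes RDSEED without consulting those flags is not stopped by it.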
What’s particularly interesting is the timeline of discovery versus disclosure. Gregory Price found this back in October and reported it to the kernel mailing list. AMD only released the CVE and security advisory recently. That’s nearly two months where the vulnerability was known but not formally addressed. Makes you wonder how many other hardware-level security issues are lurking in modern processors, doesn’t it?
Not AMD’s first rodeo
This isn’t AMD’s first dance with hardware security issues. Remember the previous RNG problems that have popped up over the years? Hardware random number generators have been a persistent challenge across the industry. The problem is that when these functions fail, they often fail silently. Your application thinks it’s getting good entropy, but it’s actually getting garbage.
The fact that this specifically affects 16-bit and 32-bit architectures while 64-bit RDSEED remains unaffected suggests this might be an implementation issue rather than a fundamental design flaw. Still, for systems running those affected architectures, the AMD security bulletin provides the official guidance, and the Linux kernel community has been discussing mitigation strategies since October according to their mailing list archives.
So what’s the bottom line? If you’re running affected AMD systems, implement the workarounds now rather than waiting for patches. And maybe reconsider how much you trust hardware RNGs in general. Because when the foundation cracks, everything built on top becomes unstable.
