Full Report
Local privileges required to exploit flaw in Ryzen and Epyc CPUs. Some patches available, more on the way. AMD will issue a microcode patch for a high-severity vulnerability that could weaken cryptographic keys across Epyc and Ryzen CPUs.…
Analysis Summary
# Vulnerability: RNG Weakness in Ryzen and EPYC CPUs Affecting Cryptographic Keys
## CVE Details
- CVE ID: CVE-2025-62626
- CVSS Score: 7.2 (High)
- CWE: (Not explicitly mentioned, related to insecure random number generation/cryptographic weakness)
## Affected Systems
- Products: AMD Ryzen CPUs, AMD EPYC CPUs, EPYC Embedded 9005 series, Ryzen Embedded 9000 series, EPYC Embedded 4005 series.
- Versions: Affected modules running on 16-bit and 32-bit architectures leveraging the affected RDSEED implementation.
- Configurations: Systems utilizing the 16-bit and 32-bit versions of the RDSEED instruction.
## Vulnerability Description
A high-severity vulnerability exists in the implementation of the RDSEED instruction on certain AMD Zen 5 processors. RDSEED matters because it provides the true hardware entropy required for generating high-quality cryptographic keys. The flaw allows a local attacker to manipulate the output of the 16-bit and 32-bit versions of RDSEED, potentially causing the instruction to return an unacceptable value, specifically '0', instead of a required random number. If an application accepts this invalid output, an attacker could weaken cryptographic keys, facilitating decryption of data or compromise of credentials.
## Exploitation
- Status: PoC available (Implied by the existence of a known flaw needing a patch)
- Complexity: Medium (Requires local privileges already established)
- Attack Vector: Local
## Impact
- Confidentiality: High (Weakening of cryptographic keys can lead to data decryption)
- Integrity: Medium (If keys are used for signing, integrity could be compromised)
- Availability: Low (The flaw does not directly cause system outage)
## Remediation
### Patches
* **Microcode Patch:** AMD is issuing a microcode patch; specific availability timeline varies by product line.
* **Linux Kernel:** Patch available in Linux kernel update 6.18-rc4 (Note: Some users reported GUI issues after applying this specific kernel update).
* **TurinPI:** Patches were available on October 28 for version 1.0.0.8.
* **Future Fixes:**
  * EPYC Embedded 9005 series: Fixes expected later this month (November 2025).
  * EPYC Embedded 4005 series & Ryzen Embedded 9000 series: Fixes expected in January (2026).
### Workarounds
1. **Use 64-bit RDSEED:** Where possible, utilize the 64-bit version of the RDSEED instruction, as it is not affected by this vulnerability.
2. **Disable Instruction via Boot Parameter (Host/Bare Metal):** Add `clearcpuid=rdseed` to the boot command line to prevent applications from discovering or utilizing the RDSEED function.
3. **Disable Instruction via VM Option (Virtualization):** Use the `-rdseed` option on the QEMU command line.
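A host-side check for the boot-parameter and QEMU workarounds above, as an added example that is not part of the original report: it reads the `flags` line of `/proc/cpuinfo` and the `clearcpuid=` list on the kernel command line of a Linux host or guest. The function names and status words are hypothetical, and the sample values mentioned in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the report): is RDSEED still advertised on this
# Linux host or guest, and is the clearcpuid=rdseed boot parameter in place?
# Function names and status words are hypothetical. Both file arguments
# default to the live /proc files, so constructed copies can be passed instead.

# Succeeds if the first "flags" line of a cpuinfo file lists rdseed as a token.
cpu_advertises_rdseed() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" |
        tr -s '[:space:]' '\n' | grep -qx 'rdseed'
}

# Succeeds if the command line has clearcpuid= with rdseed in its comma list,
# e.g. "clearcpuid=rdseed" or "clearcpuid=rdrand,rdseed" (constructed samples).
cmdline_clears_rdseed() {
    tr -s '[:space:]' '\n' < "${1:-/proc/cmdline}" |
        grep -Eq '^clearcpuid=([^,]+,)*rdseed(,.*)?$'
}

# Prints one status word for the files given (default: the running system).
rdseed_status() {
    cpuinfo="${1:-/proc/cpuinfo}"
    cmdline="${2:-/proc/cmdline}"
    if cmdline_clears_rdseed "$cmdline"; then
        if cpu_advertises_rdseed "$cpuinfo"; then
            # Parameter is on the command line but the flag is still listed:
            # the workaround did not take effect and needs investigating.
            echo "parameter-set-but-flag-present"
        else
            echo "workaround-active"
        fi
    elif cpu_advertises_rdseed "$cpuinfo"; then
        # RDSEED is advertised and no boot-parameter workaround is applied;
        # the system depends on the microcode or firmware fix.
        echo "rdseed-exposed"
    else
        # Flag hidden some other way (for instance a QEMU guest started with
        # -rdseed) or the CPU does not offer the instruction.
        echo "rdseed-not-advertised"
    fi
}

# On a live system, call: rdseed_status
```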
## Detection
- **Indicators of Compromise:** Increased entropy failures or unexpected '0' return codes from RDSEED functions within security-sensitive applications.
- **Detection Methods and Tools:** Monitoring CPU instruction usage patterns (if tooling allows granularity) or validating the entropy source quality used by security applications.
## References
- Vendor Advisory: AMD (Details pending full release/vendor advisory confirmation)
- Related Links:
  * https://lore.kernel.org/lkml/[email protected]/
  * https://lore.kernel.org/lkml/176165291198.2601451.3074910014537130674.tip-bot2@tip-bot2/
  * The Next Platform: hxxps://www.nextplatform.com/
  * DevClass: hxxps://devclass.com/
  * Blocks and Files: hxxps://blocksandfiles.com/