New vulnerabilities threaten AMD processors: What to know about Zen 5
A recent vulnerability has raised significant concerns regarding AMD processors. The issue is tied to CPUs that utilize the Zen 5 architecture, specifically due to a malfunction in the RDSEED instruction, which plays a vital role in generating random numbers via hardware.
This functionality is frequently utilized by applications that depend on the generation of cryptographic keys meant to be unpredictable. Yet, according to AMD, a flaw has been identified that compromises the randomness, making it less secure and potentially exposing systems to threats.
The official explanation reveals that “an inadequate management of insufficient entropy in AMD CPUs may allow a local attacker to influence the values returned by the RDSEED instruction, leading to the consumption of inadequately random values.” Such a scenario raises serious security risks.
AMD has confirmed that this vulnerability is present in the 16-bit and 32-bit versions of RDSEED, but notably absent in the 64-bit version. This has led the company to recommend using the latter whenever possible or turning to software alternatives until a resolution is implemented.
In a security bulletin, AMD stated that they are actively working to mitigate this issue across the affected CPUs. What’s noteworthy is that the rollout of patches will occur gradually, expected to extend until January 2026, depending on specific hardware models.
Affected processors in AMD’s Zen 5 line
With the confirmation of this vulnerability, AMD has identified key affected models within its Zen 5 series:
The list includes various configurations, pointing to a large impact on both desktop and server markets. Some notable examples are the AMD EPYC 9005 and the AMD Ryzen 9000 series—these are frequently used in both professional and consumer-grade environments.
AMD has already launched a mitigation update for the EPYC 9005 and plans to deliver a second one by mid-November. Solutions for the Ryzen series are set to roll out by the end of November, while Ryzen Embedded and EPYC Embedded processors will receive resolutions in January 2026.
This is not the first time AMD processors have faced vulnerabilities this year. Back in June, it was revealed that models from the Ryzen 3000 to 9000 families experienced a critical fault in the TPM module, which was rectified through a system update. In August, issues arose regarding the security of SEV-SNP in third and fourth generation EPYC chips, exposing sensitive data to malicious actors in advanced virtualization settings.
If you own any of the affected Zen 5 processors, keep an eye on the updates from AMD. These forthcoming patches will be vital for securing your systems against potential cybersecurity threats. The landscape of processor security is ever-evolving, and being proactive in monitoring developments can make a significant difference.
