A serious vulnerability has been discovered in AMD processors based on the Zen 5 architecture, posing a potential threat to the cryptographic integrity of affected systems. The flaw compromises the hardware implementation of the random number generator, making it possible to predict encryption keys. AMD has already begun distributing updates to address the issue, though full remediation is expected to continue into early 2026.
The vulnerability, identified as CVE-2025-62626 and catalogued by AMD under AMD-SB-7055, is linked to the RDSEED instruction, which is responsible for generating random numbers. In certain scenarios, an attacker with local access can force the instruction to return a zero value instead of a random output. This undermines the fundamental principles of cryptographic protection — data confidentiality and integrity. Moreover, the issue prevents systems from properly detecting generation failures: the process falsely registers as successful, potentially resulting in encryption keys composed entirely of zeros.
Only the 16-bit and 32-bit variants of the RDSEED instruction are affected; the 64-bit version remains fully functional and secure. The flaw was discovered in October by an engineer at Meta, prompting the Linux community to swiftly disable RDSEED across all Zen 5-based systems through a patch issued on the Linux Kernel Mailing List. Notably, the disclosure was not made to AMD via the standard Coordinated Vulnerability Disclosure (CVD) process.
AMD has already released updated microcode for its Epyc 9005 (“Turin”) server processors, with patches for consumer-grade chips — including the Ryzen 9000, Ryzen AI Max 300, Threadripper 9000, and Ryzen Z2 series — expected by the end of November. Embedded Zen 5 variants are slated to receive updates in January 2026 through OEM partners.
Until official patches are deployed, AMD recommends several temporary mitigations: use only the 64-bit RDSEED instruction; disable RDSEED via the boot parameter clearcpuid=rdseed or an equivalent setting in QEMU; and discard any zero values returned, reissuing the instruction until a nonzero output is generated.
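The first and third mitigations can be combined in a small wrapper, shown here as an added example that is not AMD's or the Linux kernel's code: it draws only from the 64-bit form, treats a zero returned with a success flag as a failure, and fails closed when no usable value arrives. The names get_seed64, hw_rdseed64, scripted_source and the retry bound SEED_MAX_TRIES are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* A seed source returns 1 when it reports success, 0 when it reports failure. */
typedef int (*seed_fn)(uint64_t *out, void *ctx);

#if defined(__x86_64__)
/* Hardware source: 64-bit RDSEED only (the 16/32-bit forms are the affected
 * ones). Callers must confirm RDSEED support via CPUID before using this. */
int hw_rdseed64(uint64_t *out, void *ctx) {
    uint64_t v;
    unsigned char ok;
    (void)ctx;
    __asm__ volatile("rdseed %0; setc %1" : "=r"(v), "=qm"(ok) : : "cc");
    *out = v;
    return ok;
}
#endif

/* Constructed test double: replays scripted (value, success-flag) pairs,
 * e.g. "success" with a zero value, the failure mode the article describes. */
struct script { const uint64_t *vals; const int *ok; size_t n, pos; };
int scripted_source(uint64_t *out, void *ctx) {
    struct script *s = ctx;
    if (s->pos >= s->n) return 0;      /* script exhausted: report failure */
    *out = s->vals[s->pos];
    return s->ok[s->pos++];
}

#define SEED_MAX_TRIES 32  /* assumption: retry bound chosen for this example */

/* Returns 0 and stores a seed, or -1 if no usable value was produced. */
int get_seed64(seed_fn src, void *ctx, uint64_t *seed) {
    for (int i = 0; i < SEED_MAX_TRIES; i++) {
        uint64_t v = 0;
        if (!src(&v, ctx)) continue;   /* reported failure: retry */
        if (v == 0) continue;          /* zero despite "success": discard */
        *seed = v;
        return 0;
    }
    return -1;  /* fail closed: caller must not build a key from *seed */
}
```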
This is not the first time AMD has encountered issues with RDSEED. In 2021, a similar defect was identified in Cyan Skillfish APUs based on the Zen 2 architecture, where RDSEED consistently returned 0xffffffff. The solution at that time also involved disabling the instruction at the Linux kernel level while preserving functionality for RDRAND.