Overview
- The flaw, tracked as CVE-2025-62626 with a 7.2 severity score, causes RDSEED to return zero while signaling success on Zen 5 CPUs.
- Only the 16-bit and 32-bit RDSEED variants are affected, while the 64-bit version remains a recommended interim source of entropy.
- EPYC 9005 systems received a fix via TurinPI 1.0.0.8 on October 28, with additional updates planned through January for other server, embedded, and consumer lines.
- Linux maintainers have disabled RDSEED on affected chips and advise hiding the instruction via clearcpuid=rdseed or QEMU’s -rdseed option when needed.
- The issue was first reproduced by Meta engineer Gregory Price, who observed zero returns in roughly 10% of successful RDSEED calls under specific conditions.