Encryption Flaw in AMD Processors Puts Digital Security at Risk
A critical vulnerability affecting the encryption capabilities of certain AMD processors has been identified,potentially compromising the security of cryptographic keys and random number generation used in software and operating systems. The flaw centers around the RDSEED instruction, a hardware feature designed to generate truly random numbers essential for secure operations.
The issue specifically impacts 16-bit and 32-bit versions of the RDSEED instruction,where,under specific conditions,the instruction can return a non-random zero value while falsely reporting a triumphant operation. This could lead to the creation of predictable numbers, weakening the security of generated keys and making devices vulnerable. While the 64-bit version of RDSEED is not affected, the potential for widespread compromise prompted AMD to classify the issue as high severity.
AMD has confirmed a permanent fix will be distributed through AGESA and microcode updates, initially released for server versions. The rollout to consumer platforms is expected to be completed by the end of January 2026. Motherboard manufacturers and OEMs will deliver these updates to end-users.
In the interim, AMD recommends several mitigation strategies, including utilizing the unaffected 64-bit RDSEED version when possible, masking the RDSEED instruction from software, and implementing error handling to retry the instruction if a zero value is returned. The company also advises updating BIOS firmware and regenerating sensitive cryptographic keys created prior to awareness of the vulnerability.
