AMD Zen 5 RDSEED Vulnerability Weakens Cryptographic Security
AMD has confirmed a high-severity vulnerability in the RDSEED instruction of its Zen 5 architecture CPUs, including Epyc 9005, Ryzen 9000, and Threadripper 9000 series. The flaw, tracked as CVE-2025-62626, allows the RDSEED function to return a value of 0 as a valid random number in approximately 10% of cases, potentially undermining the integrity of cryptographic keys and other security operations that rely on strong randomness. The issue was discovered by a Meta engineer and publicly disclosed via a Linux kernel mailing list, raising concerns about the predictability of cryptographic operations on affected systems.
AMD has responded by releasing microcode patches for some affected processors, such as the Epyc 9005 series, and is working on additional fixes for other impacted models. As a temporary mitigation, users are advised to use the unaffected 64-bit RDSEED variant where possible or disable the RDSEED instruction via boot parameters. The vulnerability requires local privileges to exploit, meaning an attacker would already need significant access to the system. Linux kernel updates have also attempted to address the issue, though some users have reported compatibility problems with certain distributions following these changes.
Sources
Related Stories
RMPocalypse Vulnerability Enables Full Compromise of AMD SEV-SNP Encrypted Virtual Machines
A critical vulnerability, identified as CVE-2025-0033 and dubbed RMPocalypse, has been discovered in AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) technology. This flaw allows attackers to bypass the core security guarantees of SEV-SNP, which is designed to protect the confidentiality and integrity of virtual machines (VMs) even in hostile environments. Researchers from ETH Zürich revealed that the vulnerability stems from incomplete protections in the initialization of the Reverse Map Paging (RMP) table, a key data structure that stores security metadata for all DRAM pages in the system. The RMP table, which maps system physical addresses to guest physical addresses, is only partially protected during VM startup, creating a window of opportunity for exploitation. By performing a single, carefully crafted 8-byte memory write to the RMP table, an attacker can corrupt its contents, undermining the isolation between VMs and the hypervisor. This attack vector enables adversaries with sufficient access to bypass SEV-SNP's hardware-enforced boundaries, potentially gaining full control over encrypted VMs. The implications are severe: attackers could access sensitive data, activate hidden debug functions, forge attestation checks, and even perform replay attacks by restoring previous VM states. AMD has acknowledged the issue and released firmware updates to address the vulnerability, urging customers to apply the patches promptly. The flaw highlights a fundamental challenge in confidential computing, where the security of the underlying mechanisms is as critical as the protections they provide. The vulnerability is particularly concerning for cloud service providers and enterprises relying on SEV-SNP for secure multi-tenant environments. Security experts recommend immediate patching and a review of VM isolation strategies in light of this disclosure. The RMPocalypse flaw demonstrates that even advanced hardware-based security features can be undermined by subtle implementation oversights. The research underscores the importance of rigorous security validation for all components involved in confidential computing. Organizations are advised to monitor for further advisories from AMD and to assess the potential exposure of their virtualized workloads. The incident serves as a reminder that attackers continue to seek and exploit weaknesses in foundational security technologies. The public disclosure of RMPocalypse has prompted renewed scrutiny of hardware-assisted virtualization security. The vulnerability's exploitation requires a high level of technical skill but poses a significant risk to environments where SEV-SNP is deployed. AMD's response includes not only patches but also updated guidance for secure deployment of SEV-SNP-enabled systems. The security community is closely watching for any signs of exploitation in the wild following the release of technical details. This event is expected to influence future designs of confidential computing architectures across the industry.
5 months ago
StackWarp Side-Channel Weakness Undermines AMD SEV-SNP Confidential VMs
Researchers at **CISPA Helmholtz Center for Information Security** disclosed **StackWarp** (**CVE-2025-29943**), a microarchitectural weakness affecting **AMD Zen** CPUs that can undermine the integrity guarantees of **AMD SEV-SNP** “confidential VM” protections. The attack model assumes a **malicious insider with host/hypervisor control** who can run a parallel hyperthread and exploit a previously undocumented hypervisor-side control bit to manipulate the protected guest’s stack pointer behavior, particularly when **Simultaneous Multithreading (SMT)** is enabled. Reported impacts include the ability to recover sensitive data from SEV-SNP guests—such as **cryptographic private keys**—and to enable follow-on compromise scenarios like **bypassing OpenSSH password authentication** and **privilege escalation** within the VM. AMD issued patches (made available in **July 2025**) and later published a security bulletin rating the issue **low severity**, but the disclosure highlights ongoing risk that confidential computing isolation can be weakened by CPU-level behaviors; organizations running SEV-SNP should prioritize applying AMD’s updates and review SMT-related exposure in multi-tenant or high-trust boundary environments.
1 months agoUEFI Motherboard Flaw Enables Early-Boot DMA Attacks and Game Cheat Bypass
A critical vulnerability has been identified in the UEFI firmware of several major motherboard brands, including ASRock, ASUS, MSI, and Gigabyte, which allows attackers to exploit the system during the early boot process via PCIe-connected DMA devices. This flaw enables malicious actors to bypass operating system security controls by taking advantage of the Input-Output Memory Management Unit (IOMMU) not fully initializing upon boot, leaving system RAM exposed to unauthorized access and manipulation. The vulnerability has significant implications for both general system security and the integrity of anti-cheat mechanisms in online games. Riot Games, the developer of *Valorant*, has responded by blocking players who do not update their BIOS with the latest security patches, as the flaw allows sophisticated cheating devices to evade detection by anti-cheat software. Major motherboard vendors have released security updates to address the issue, and users are strongly advised to apply these patches to mitigate the risk of exploitation.
2 months ago