CVE-2025-62626

Summary

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 9000HX Series ProcessorsFireRangeFL1PI 1.0.0.0eunaffected
AMDAMD EPYC™ 9005 Series ProcessorsTurin C1 : 0x0B00215A Turin Dense / B0: 0x0B101054unaffected

Weaknesses

  • CWE-333: CWE-333 Improper Handling of Insufficient Entropy in TRNG

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References