Description
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- AMD / AMD EPYC™ 9005 Series ProcessorsTurin C1 : 0x0B00215A Turin Dense / B0: 0x0B101054 – Turin C1 : 0x0B00215A Turin Dense / B0: 0x0B101054
- AMD / AMD Ryzen™ 9000HX Series ProcessorsFireRangeFL1PI 1.0.0.0e – FireRangeFL1PI 1.0.0.0e