Published in PC Hardware

AMD's Zen 2 processors allow the theft of protected information

on 31 July 2023

Zenbleed does not need physical access

A boffin working for Google Information Security posted about a new vulnerability he found in AMD's Zen 2 processors which allows the theft of protected information.

According to Tom's Hardware, the 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPUs, allowing the theft of protected information from the CPU, such as encryption keys and user logins.

The attack does not require physical access to the computer or server and can even be executed via JavaScript on a webpage.

In its AMD-SB-7008 bulletin, issued several hours later, AMD announced that it has patches ready for its EPYC 7002 'Rome' processors now, but it will not patch its consumer Zen 2 Ryzen 3000, 4000, and some 5000-series chips until November and December of this year.

AMD hasn't given specific details of any performance impacts but did issue the following statement to Tom's Hardware: "Any performance impact will vary depending on workload and system configuration. AMD is not aware of any known exploit of the described vulnerability outside the research environment."

The outfit said that under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly.

"This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information."

The Google Information Security researcher who discovered the bug is sharing research on different CPU behaviors, and says the bug can be patched through software on multiple operating systems (e.g., "you can set the chicken bit DE_CFG[9]") — but this might result in a performance penalty.
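For admins who apply the chicken-bit workaround, the sketch below (an added example, not code from the researcher or AMD) audits whether DE_CFG[9] is set on every core through the Linux `msr` driver. The MSR address `0xC0011029` is not given in the article and is an assumption taken from public AMD/Linux sources; the function names are illustrative, and the check is only meaningful on a Zen 2 host.

```python
"""Audit DE_CFG[9] on every core via the Linux msr driver (added example)."""
import glob
import os
import struct

DE_CFG_MSR = 0xC0011029  # assumption: AMD DE_CFG MSR address, not given in the article
CHICKEN_BIT = 9          # DE_CFG[9], the bit named in the article


def read_msr(path, msr=DE_CFG_MSR):
    """Read one 64-bit MSR; the msr device uses the MSR number as file offset."""
    fd = os.open(path, os.O_RDONLY)
    try:
        raw = os.pread(fd, 8, msr)
    finally:
        os.close(fd)
    if len(raw) != 8:
        raise OSError(f"short read from {path}")
    return struct.unpack("<Q", raw)[0]


def bit_is_set(value, bit=CHICKEN_BIT):
    return bool((value >> bit) & 1)


def cores_missing_mitigation(values_by_cpu):
    """Return the CPU ids whose DE_CFG[9] is clear. MSRs are per core, so
    a single unset core leaves the host exposed."""
    return sorted(cpu for cpu, v in values_by_cpu.items() if not bit_is_set(v))


def collect():
    """Read DE_CFG from every /dev/cpu/N/msr node (needs root and 'modprobe msr')."""
    values = {}
    for path in glob.glob("/dev/cpu/[0-9]*/msr"):
        values[int(path.split("/")[3])] = read_msr(path)
    return values


if __name__ == "__main__":
    values = collect()
    if not values:
        print("no msr device nodes found; load the msr module and run as root")
    else:
        missing = cores_missing_mitigation(values)
        print("DE_CFG[9] set on all cores" if not missing
              else f"DE_CFG[9] clear on cores: {missing}")
```

A bit set at runtime does not survive a reboot, so the audit is worth repeating after each boot until a microcode or kernel fix is in place.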

Last modified on 31 July 2023